Apache Log4j Vulnerability in Omada Controller - Updated on May 18, 2022 [Case Closed]

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Re:[Solution] Apache Log4j Vulnerability in Omada Controller
2021-12-16 05:52:51

Is there an updated list of firewall rules for the 4.x.x controller vs the 5.x.x controller?

Specifically, between the controller and EAPs?

Upon upgrading from 4.4.6 to 5.0.15 or 5.0.27 the EAPs get stuck at the "ADOPT" stage.

I don't see any firewall blocks.

Upon reverting the controller VM back to the snapshot prior to the upgrade, all my EAPs adopt successfully and everything works perfectly.

#34
Re:[Solution] Apache Log4j Vulnerability in Omada Controller
2021-12-16 06:03:40

@WirelessForEver

More than likely you're running into the Adopt/Provisioning loop bug that cropped up in 5.0.15+... which I guess must not be fully fixed in 5.0.27.

Contact support. They can take your current running file, backup, and logs and fix the issue in the database for you. They send you a fixed backup file you import and it fixes the problem. Open a ticket w/ support. You'll need to send them the following info:

1. What's the previous controller version you upgraded the controller to v5.0.15 from?

2. A backup file of your controller that was exported before the upgrade.

3. The Running Log, it can be exported under Settings -> Services -> Export Data.

See: https://community.tp-link.com/en/business/forum/topic/508622

#35
Re:[Solution] Apache Log4j Vulnerability in Omada Controller
2021-12-16 07:07:02

@CLT-Geek

Awesome! Thanks so much!

That's exactly what's happening.

I read the guide over and over and couldn't see any changes.

This was right when 5.x.x came out and I forgot to follow up after more people had updated.

#36
Re:[Solution] Apache Log4j Vulnerability in Omada Controller
2021-12-16 17:15:09

I see the firmware update shown in the post, but after much searching around, I don't see any way to apply it. Using the UI of the OC200, it says there is no updated firmware, probably because this is still a beta release. But haven't found another way to do this. It seems a lot of folks here have found the page that makes this obvious to do. Any pointers to that doc?

Using Omada for HomeLab. For work I am an Evangelist at Datadog.
#37
Re:[Solution] Apache Log4j Vulnerability in Omada Controller
2021-12-16 17:57:41 - last edited 2021-12-16 17:58:05

@technovangelist Settings -> Maintenance and then at the bottom there is an option for "Manual Upgrade" where you can select the file that you downloaded.

#38
Re:[Solution] Apache Log4j Vulnerability in Omada Controller
2021-12-16 18:00:13

@mackworth 

That is definitely what I would expect, but there is no such option there.

Using Omada for HomeLab. For work I am an Evangelist at Datadog.
#39
Re:[Solution] Apache Log4j Vulnerability in Omada Controller
2021-12-16 18:03:52

@technovangelist Hmm, I am looking at my OC200 web interface right now.  I haven't updated to the beta yet, so this is still from the latest stable release.  

#40
Re:[Solution] Apache Log4j Vulnerability in Omada Controller
2021-12-16 18:04:48

@technovangelist Ahh, I see the problem. When logging in via https://omada.tplinkcloud.com/#controller there is no such option. But when opening the webpage at the IP address of the controller, then you see that option.

Using Omada for HomeLab. For work I am an Evangelist at Datadog.
#41
Re:[Solution] Apache Log4j Vulnerability in Omada Controller
2021-12-17 01:46:19

Dear @WirelessForEver,

WirelessForEver wrote

Upon upgrading from 4.4.6 to 5.0.15 or 5.0.27 the EAPs get stuck at the "ADOPT" stage.

Follow this post, your case has been escalated. Please kindly reply to the support email for further follow-up, the support engineer will help you effectively. Thank you for your cooperation and patience!

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
#42
Re:[Solution] Apache Log4j Vulnerability in Omada Controller
2021-12-17 06:38:09

Fae wrote

Dear @WirelessForEver,

WirelessForEver wrote

Upon upgrading from 4.4.6 to 5.0.15 or 5.0.27 the EAPs get stuck at the "ADOPT" stage.

Follow this post, your case has been escalated. Please kindly reply to the support email for further follow-up, the support engineer will help you effectively. Thank you for your cooperation and patience!

@Fae

Will do. Happy to help.

#43