Xfinity Modem log4j vulnerability

Have we gotten confirmation that Xfinity routers are NOT vulnerable? 

Hello! Thank you for reaching out to us! Could you please send our team a private message with your full name and full address? Our team can most definitely 
take a further look at this for you.

To send a "Peer to peer" ("Private") message:
Click "Sign In" if necessary
• Click the "Peer to peer chat" icon
• Click the "New message" (pencil and paper) icon
• Type "Xfinity Support" in the "To:" line and select "Xfinity Support" from the drop-down list which appears. The "Xfinity
Support" graphic replaces the "To:" line
• Type your message in the text area near the bottom of the window
• Press Enter to send it

@XfinityCrystal A private mesage is the wrong approach here. You have thousands of customers with this same concern; it is not specific to any one account or one device. Every device running program code written in Java and using the standard Java Log4j logging utility is vulnerable to a simple hacking attack. This afects millions, possibly billions of devices around the world. We want confirmation that Xfinity routers are not vulnerable to this attack or that they have been updated to fix the vulnerability (and a way to confirm that our personal devices have been updated).

Hi, @Go-Bears Thank you for taking the time to reach out to us in regard to this matter. We take these matters very seriously and do all that we can in order to ensure that we do our best when it comes to keeping you safe online. We have features like Xfinity xFi Advanced Security set in place to help with online security. This link will give you a brief overview of the service and how it works. We also have our Customer Security Assurance Team which is available 7 days a week from 6:00 am to 2:00 am. The Customer Security Assurance team is available to respond to issues pertaining to phishing, spam, infected computers (commonly referred to as bots), online fraud, and other security issues. You can reach out to them by clicking on the link provided above or by calling 1-888-565-4329. 

@XfinityCrystal I would be helpful if you could inform us if any Comcast system/device using the Apache web service with Log4J would be vulnerable to it.

@JC123456789​ 

Ok that's great for rented hardware however all the low income people who don't rent their gateways are they effected?

@XfinityMikeB @XfinityLuis  Thank you for the replies, but I still have not seen an official Comcast response actually addressing the Log4j/Log4Shell vulnerability. We are looking for either an unambiguous statement that there is no Log4Shell vulnerability, or that there is one and you are working on a patch to solve it, or that you are still investigating and will have an update by a specific date.  Although anyone who does not yet know if their systems are vulnerable at this point obviously does not take network security seriously. Please escalate this internally and get a formal response published ASAP.

"We are aware of the issue" does not tell us anything. This is not a virus or something that would be stopped by the XFinity firewall or xFi Advanced Security.  It is a (possible) bug in the actual router code or xFi Advanced Security code itself that could make it vulnerable to attack, and would require an update to the Comcast/XFinity code itself to fix.

I sent @Xfinity Support  a private message as they requested.