Vulnerability reports

Vulnerability Reports

VULNERABILITY DISCLOSURE POLICY

At TELTONIKA we take security issues very seriously, and always seek to respond appropriately. If you have found a potential security issue in any TELTONIKA product or software, please contact us via our specialized security contact form that will automatically forwards your request to the appropriate security team.

We respect privacy, and we are also happy to accept anonymous vulnerability reports, but we would not be able to contact you for additional information and send thank you.

In addition, please allow TELTONIKA security team at least 90 days to fix the vulnerability before publicly discussing or blogging about it.

REPORT DETAILS

  • Product(s) and Software version(s) affected
  • Vulnerability overview
  • Issues Description and Impact (arbitrary code execution, information disclosure, …)
  • Instructions to reproduce the issue
  • A proof-of-concept (PoC)

SCOPE

We would love it if people reported other bugs via the appropriate channels, but since the purpose of this program is to fix security vulnerabilities, only bugs that lead to security vulnerabilities will be eligible.

In order to confirm the vulnerability must exist in the latest public release of the software or firmware. Our latest firmware release version can be found in Teltonika Wiki Knowledge Base under firmware errata category.

Here is defined vulnerability handling process:

Policy