-Affected product(s) and software version(s);
-Issue description and impact (including arbitrary code execution, information disclosure, etc.);
-Instructions to reproduce the issue; A proof-of-concept (POC).
Only reports related to security vulnerabilities that affect Teltonika Networks products or services will be accepted. Bugs or other issues not related to security will not be addressed via this channel. Please see the following vulnerability handling process:
Providing secure products and services is a high priority to us. Therefore, we strive to ensure that our products and services are designed, developed, and rigorously tested with a focus on security at every stage.
For this reason, we have a dedicated Cyber Security Team closely collaborating with engineers through the development lifecycle. The Cyber Security Team regularly performs internal and external security audits. They include vulnerability management, penetration tests, threat modeling, attack surface reduction, code reviews, static code scanning, and continuous improvements of the development process to meet “secure by design” principles.
Every employee in Teltonika Networks must complete an annual cyber security course involving general cyber security awareness and development practices. Besides, our development teams are educated in common software weakness types and vulnerabilities, unsecure functions, memory management, and information security concepts, such as defense in depth, attack surface, or privilege escalation.
We welcome all customer reports regarding security issues and take high-priority action on quick and decisive remediation. Any information provided to us will only be used to resolve security vulnerabilities swiftly and efficiently.