Peplink Polices

Introduction

A security vulnerability is a flaw in the design or implementation of features in a product or service (in the cloud) which can be exploited to compromise system security, customer data or any sensitive information.

Reporting Security Vulnerabilities to Peplink

If you believe that you have identified a security vulnerability, please use this secured and encrypted form to report to Peplink: https://ticket.peplink.com/ticket/new/public

This is the most preferred method of contact. A member of our Peplink Security Team will get in touch with you directly for further analysis of the issue.

In rare situations where using the form is not possible, you may report vulnerabilities by sending email to [email protected]. Please be reminded to include essential information, including but not limited to:

• The affected product(s)
• Version of running firmware
• Diagnostic reports
• Description of vulnerability and any steps to reproduce it

Peplink’s Response to Security Vulnerability

All vulnerability reports will be analyzed by our Security Team. Peplink will acknowledge vulnerability reports within 24 hours.

Security Fixing Policies

Normally, security fixes will follow our regular firmware release cycles and be made available in the next production release. In the case of zero-day vulnerabilities, critical fixes as special firmware releases will be made available as soon as they are ready.

Announcement of Security Fixes

Peplink will release security vulnerability announcements publicly on our forum, only when the fixes are available, at: https://forum.peplink.com/tag/security-advisory