Security Vulnerability Policy

Last Updated: 30 April 2025

Introduction

A security vulnerability is a flaw in the design or implementation of features in a product or service (in the cloud) which can be exploited to compromise system security, customer data, or any sensitive information.

Reporting Security Vulnerabilities to Pepwave

If you believe that you have identified a security vulnerability, please report to Pepwave via [email protected]. Our team will get in touch with you directly for further analysis of the issue.

Please include essential information, including but not limited to:

• The affected product(s)
• Version of running firmware
• Diagnostic reports
• Description of vulnerability and any steps to reproduce it

Pepwave’s Response to Security Vulnerability

All vulnerability reports will be analyzed by our Security Team. Pepwave will acknowledge vulnerability reports within 24 hours.

Security Fixing Policies

Normally, security fixes will follow our regular firmware release cycles and be made available in the next production release.

In the case of zero-day vulnerabilities, critical fixes as special firmware releases will be made available as soon as they are ready.