Product Security

In today’s hyper-connected world, telecommunications and IoT devices comprise a large portion of modern infrastructure. From critical communication networks to smart home devices, AI-Enabled systems and industrial control systems, security vulnerabilities in products can have severe consequences.

Given these risks, ensuring the security of our products and customer assets is our top priority. At Gemtek, we are committed to working with our Industry partners, security researchers, ethical hackers, user community, and our customers to identify and mitigate vulnerabilities before they can be exploited.

That is why we share the following Responsible Disclosure Policy for potential non-public vulnerabilities discovered external to our organization.

Responsible Disclosure Policy

Scope

  • Embedded systems, IoT devices, telecom hardware/software, cloud services, APIs that are provided by Gemtek.
  • Communication protocols, firmware, and software stacks used in our devices.
 

This policy excludes

  • Any activities that disrupt or degrade services (e.g., DDoS, brute-force attacks).
  • Social engineering, phishing, or physical security testing.
  • Issues in third-party components not maintained by Gemtek.

How to Report a Vulnerability

If you identify a security vulnerability in our products or services, please report it promptly via:

Optional: Encrypt your report using our PGP key:

Gemtek Public Key

Fingerprints
  • SHA256 Fingerprint: 7c2caf7c92d536412d82d77e7e2472ae6ee202c924c9f280a4f894d614cdda04
  • SHA512 Fingerprint: 82218245d8d4ba818c90946d430e93769bcf033d4e9ae556529d8da27c101d695ed84c819179b677b8b9c992ed6ba3f1d18cc3b286f6a83f8f8cf1b9cd7cc965
 

Download Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
mHMEZ7cmGRMJKyQDAwIIAQELAwMEYnpX8uq6GBahPwl2BkdyE6vAuOJW3POY4jsG U8OxRHgEdi8jetvuGC27l/0gYnEBFE2f+yukrxuIYgLH7Y6T2RLjbCehRPzsdIzA y+JHRpkND5HEhwUe4iaAWObSM0CYtEFQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIDxwcm9kdWN0X3NlY3VyaXR5QGdlbXRla3MuY29tPoi5BBMTCQBB FiEE+4j6eFeDJVfKQ0OICeUothFQjccFAme3JhkCGwMFCQHrpJcFCwkIBwICIgIG FQoJCAsCBBYCAwECHgcCF4AACgkQCeUothFQjcd6IgF/QOsUVGi/W/5a1wQvcdKK U9jh0tvTE9cu8WJbQeQqzXXSjuzDhau2y939kN6nunVpAX9A5mblo+haL6Yc07jT 23aGhGoq2XFKKQpCbNISqcJmulYlZI8uJwWTdnntpVcTBTS4dwRntyYZEgkrJAMD AggBAQsDAwQcD2E2GwzwjdC7X+atI50DH+x9hNLXPYXu52gZOacqySUiLGjnl3qt SC8ne5+BV3YY2lfBsYcoKj0rEBVfaMwEtE7V4kTtedfB//SdHfmRwX2xR+QQnUzw o3psVb1ouuwDAQkJiJ4EGBMJACYWIQT7iPp4V4MlV8pDQ4gJ5Si2EVCNxwUCZ7cm GQIbDAUJAeuklwAKCRAJ5Si2EVCNx46oAYCBSJ2D1KV6dlxuQPkVVlzRQy861cGU APyYwk9hWHipvPJ4YJ5aYx+BnDNXPux31ZUBf0xRCPgQND/JeHtrJlnij/EuNncD F9wAg33hHgmQPtKPLK9QLmMmMIKd+/wc+c9m9w==
=nMNB
-----END PGP PUBLIC KEY BLOCK-----
 

Include the evidence you gathered as clear as possible

  • Affected product/service and firmware/software version.
  • Step-by-step reproduction instructions (PoC, screenshots, logs).
  • Potential impact assessment (e.g., data exposure, privilege escalation).
  • Your contact information (optional, if you seek acknowledgment).
 

What We Expect from Vulnerability Reporters

  • Act ethically and legally; do not exploit vulnerabilities beyond necessary proof-of-concept testing.
  • Do not access, modify, or destroy user data or disrupt services.
  • Do not publicly disclose the vulnerability before Gemtek has had time to issue a fix based on industry best practices.
 

What You Can Expect from Us

  • Acknowledgment of your report within 5 business days.
  • Investigation and triage of the issue, with status updates within 30 days.
  • Resolution timeline: We will work to remediate verified vulnerabilities within a reasonable timeframe and notify you upon the release of a fix.
  • Recognition: We may publicly credit you for responsible disclosure in case we are authorized to Issue a press release by the stakeholders.
 

Safe Harbor

Gemtek will not take legal action against researchers/white hat hackers who:

  • Follow this policy ethically and in good faith.
  • Avoid violating privacy, causing harm, or disrupting services.
 

Acknowledgments & Recognition

We greatly appreciate the security research community for helping us enhance the security of our products and customers. If you’d like to be publicly recognized for your contribution, please let us know.

Thank you for cooperating with Gemtek to strengthen security in the telecommunications and connected devices industry!