Netgem Security Vulnerability Submission Policy
Netgem encourages security researchers, professionals, and industry organisations to proactively report security vulnerabilities discovered in our products. Your efforts help us continuously improve and enhance the security of Netgem products and services, including PLEIO and Netgem TV devices.
If you discover a security vulnerability, please report it promptly to security-report@netgem.com.
How to Submit a Report
Submissions can be made via email to: security-report@netgem.com.
Submission Scope: Products currently within the scope of Netgem’s service and support, including all PLEIO and Netgem TV devices. Excluded: Discontinued or unsupported products.
🔗 Download Netgem PSTI Declaration of Support (PDF)
Confidentiality and Encryption
Security vulnerabilities are sensitive information. To ensure confidentiality, we strongly recommend encrypting your report using our PGP public key before sending it.
- Netgem PGP Public Key: *(Insert Netgem’s PGP Public Key ID here, e.g., Key ID: [Your Key ID])*
Email Subject
Please use a clear and structured subject line:
- Format: [Product Name/Type – Concise Vulnerability Description]
- Example: [PLEIO STB – Buffer Overflow in Wi-Fi Module]
Required Report Content
To enable us to quickly verify and resolve the vulnerability, your submission must contain the following required information, adapted from our reporting template.
1. Submitter Information
| Field | Requirement |
| --- | --- |
| Reporter/Network Name | Your name or the name you wish to be credited as. |
| Organisation/Team | Your affiliation (optional). |
2. Vulnerability Details (Mandatory)
| Field | Requirement |
| --- | --- |
| Vulnerability Description | Must include the vulnerability type, root cause, exploitation method, and the potential security risk it poses. |
| Affected Products | Provide detailed product name, module information, version information, and the specific location of the vulnerability. |
| Vulnerability Rating | Provide detailed CVSS self-assessment information (text or screenshot is acceptable). |
| Self-Assessed Level & Score | Indicate the level (Severe, High, Medium, Low) and the CVSS Score. |
3. Proof of Concept & Remediation
| Field | Requirement |
| --- | --- |
| Vulnerability Reproduction Steps | Provide a detailed, step-by-step description of the reproduction process using text, screenshots, or diagrams (we recommend submitting a video). If a Proof of Concept (PoC) is available, please submit it as well. |
| Attack Scenario | Describe how an attacker can successfully exploit the vulnerability, including preconditions and process constraints. If an Exploit is available, please provide it. |
| Fix Suggestions | If you know of a repair method or have seen industry best practices that could help us resolve the issue, please include them. |
4. PoC/Exploit Requirements
If you submit a PoC or Exploit, please ensure it meets the following criteria:
- It must be a complete and compilable PoC or Exploit that can successfully verify the submitted vulnerability.
- Include a compilation and operating environment description, covering the compiler name, version, compilation options, and operating system version.
- The PoC/Exploit execution results should be consistent with the report description.
Our Response Time Commitment
Vulnerabilities will be addressed as soon as we receive them. Generally, you will receive a confirmation email within 1 working day of submission and a verification email within 7 working days.
We will also inform you of the latest progress during the vulnerability handling process.
Confidentiality and Disclosure
- Netgem’s Commitment: Netgem promises to keep sensitive vulnerability-related information confidential for our customers before the vulnerability is fixed and a security announcement is released.
- Researcher’s Commitment: Before Netgem proactively discloses the vulnerability or announces a fix, we hope that you will assume the obligation to keep the vulnerability information confidential.
Non-Security Issues
For issues or technical support requests not related to security vulnerabilities (e.g., service outages, feature requests, or device troubleshooting), please contact Netgem via our dedicated online Support portal on our website.
