Security and Vulnerability Disclosure

Effective date: 30/12/2025

Wavertech Ltd. is committed to maintaining the security of our products, firmware, and services. We welcome responsible disclosure of security vulnerabilities and work with researchers, customers, and authorities to identify, validate, and remediate issues in a coordinated manner.

 

Scope

This policy applies to the following Wavertech assets:

  • WAVER hardware products and appliances
  • WAVER OS firmware and device software
  • Official Wavertech websites and online services
  • Cloud services operated directly by Wavertech, where applicable

Third-party services, customer-managed infrastructure, and external integrations are out of scope unless explicitly stated.

 

Reporting a Security Vulnerability

If you believe you have discovered a security vulnerability, please report it responsibly.

Preferred contact:
Email: [email protected]

If this address is unavailable, reports may be sent to: [email protected] (please include “Security” in the subject line).

When reporting, please include as much of the following information as possible:

  • Product name and model
  • Firmware or software version
  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Relevant logs, screenshots, or proof of concept

 

Coordinated Disclosure

Wavertech follows a coordinated vulnerability disclosure process:

  • We acknowledge receipt of valid reports within a reasonable timeframe
  • We investigate and validate reported issues
  • If confirmed, we work to develop and release a fix or mitigation
  • Disclosure timing may be coordinated with the reporter and relevant authorities

We request that vulnerabilities are not publicly disclosed before a fix or mitigation is available, or before disclosure is coordinated.

 

Safe Harbor

Security research conducted in good faith and in accordance with this policy is considered authorized.

Wavertech will not pursue legal action against researchers who:

  • Avoid privacy violations, data destruction, or service disruption
  • Do not access or modify customer data beyond what is necessary to demonstrate impact
  • Do not exploit vulnerabilities for financial gain
  • Promptly report vulnerabilities using the channels described above

 

Prohibited Activities

  • Denial of service attacks
  • Social engineering or phishing of employees or customers
  • Physical attacks against facilities or hardware
  • Accessing or exfiltrating customer data beyond minimal proof
  • Exploiting vulnerabilities for personal or commercial gain

 

Security Updates

When applicable, security vulnerabilities are addressed through firmware or software updates. Customers are responsible for applying updates in a timely manner to maintain system security.

 

Counterfeit and Unauthorized Products

This policy applies only to genuine Wavertech and WAVER products. If a vulnerability is discovered in a suspected counterfeit, cloned, or modified product, please include relevant details so we can assist in verification.

 

Contact

For questions related to this policy, please contact: [email protected]

Shopping cart0
There are no products in the cart!
Continue shopping