Report an Issue

For general security inquiries or to report a security issue in any Sierra Wireless product, please email security@sierrawireless.com.

Please do not include any vulnerability details in your initial email. We request the reporter keep any communication regarding the vulnerability confidential. Within 2 business days, you will receive a response using the contact information provided to arrange a secure environment for sharing information. If a response is not received within 2 business days, please follow up with us to ensure we’ve received your report.

To help us evaluate your submission as quickly as possible we request that you include the following information, if available:

• Vulnerability type (buffer overflow, integer overflow, …)
• Issue impact (arbitrary code execution, information disclosure, …)
• Affected product and version
• Instructions to reproduce the issue
• A proof-of-concept (PoC), if available

When we issue an advisory to disclose security vulnerabilities and related code modifications, we will identify the reporter to give credit for their discovery, unless the reporter requests otherwise.

Legal Posture

We accept reports for all Sierra Wireless systems and products.  We will not pursue legal action against individuals who report potential vulnerabilities to us, provided they act in good faith and in a manner consistent with responsible practices for vulnerability detection and reporting. We will generally consider your activities to be in good faith and responsible if you meet all of the following criteria:

• You test our systems and products in a way that does not harm Sierra Wireless or our customers, or affect our customers’ use of the system or product;
• You comply with the laws of your location and the locations where Sierra Wireless operates; and
• You report vulnerabilities to us promptly following discovery, and do not disclose the details to anyone else before a mutually agreed-upon timeframe has expired.

Sierra Wireless may amend or modify our policies relating to vulnerability reporting at any time, without notice.

*NOTE* Sierra Wireless does not currently operate a bug bounty program and does not issue payment for submissions.