Security at FoxIoT
FoxIoT takes the security of its products seriously. This page provides information about how to report security vulnerabilities and how we handle them.
Report a Vulnerability
Contact: security@foxiot.eu
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce
- Affected product and version (if known)
- Potential impact
- Your contact information (for follow-up)
Coordinated Vulnerability Disclosure Policy
Scope — Included
- Wolf Gateway hardware
- FoxIoT bootloader/firmware/software (Wolf-OS and Wolf-App)
- FoxIoT web properties
Scope — Excluded
- Third-party applications on Wolf-OS
- Third-party cloud services
- Social engineering/phishing/physical attacks
- DoS attacks on production systems
Our Commitments
Acknowledge your report
Within 48 hours (business days)
Initial assessment
Within 10 business days
Progress updates
At least every 30 days until resolved
Credit
In advisory upon fix publication (optional)
Disclosure Timeline
FoxIoT targets a 90-day disclosure window. For critical vulnerabilities, we provide:
- 24-hour interim guidance
- 7-day fix target
Safe Harbour
Researchers acting in good faith receive legal protection, provided they:
- Avoid privacy violations
- Avoid data destruction
- Avoid service disruption
- Disclose to us before public release
Security Advisories
No advisories published yet.
Wolf-App Mitigation Guidance
- Backup configuration via Wolf-App UI System menu
- Configure WireGuard VPN before closing ports
- Close HTTP Port 5080 via Firewall rules
- Close SSH Port 22 if affected
- Verify device isolation (UI unreachable, SSH refused, ping responsive, VPN functional)
- Check firmware version in System menu or via
cat /VERSION - Apply firmware update when available via System > Firmware Upload
Best Practices
- Always use WireGuard VPN for remote access
- Close ports 22 and 5080 on eth0 after VPN setup
- Place device on separate network segment
- Do not expose directly to internet
- Keep firmware updated
LTE/4G Note: If your Wolf Gateway uses the LTE modem for connectivity, the device is already protected against incoming connections.
Default Firewall Configuration
| Interface | Policy | Details |
|---|---|---|
| Default | DROP | All incoming blocked unless explicitly allowed |
| WireGuard | ACCEPT | Fully trusted VPN interfaces |
| Ethernet (eth0) | Mixed | SSH (22) and HTTP (5080) open only |
| LTE (usb0) | DROP | All incoming blocked |
| ICMP | ACCEPT | Ping allowed |
| Outgoing | ACCEPT | All outgoing allowed |
Contact
- Security: security@foxiot.eu
- General: info@foxiot.eu
- Machine-readable: security.txt