Cancel
IoT Product
Vulnerability
Review
Steps
2/3

IoTSF Vulnerability report: {dateTime}

Step 2: The Vulnerability

* indicates a required field

When did you discover the vulnerability? *

Provide an approximate date when you became aware of the vulnerability

Discovery date
Please enter the date of discovery
Please enter a date in YYYY-MM-DD format e.g. 2016-01-11
Technical description of the vulnerability *

e.g. what actions were being performed, the functional impact of the vulnerability, how to identify or reproduce it, how it could be used in an attack (max 1000 words)

{data.vulnerability:description | words}/1000 words
Please enter a description
Please enter a maximum of 1000 words
Connected devices

e.g. was the product connected to another device? could the vulnerability have been triggered by another device? or have follow-on efffects for another device? (max 1000 words)

{data.vulnerability:devices | words}/1000 words
Please enter a maximum of 1000 words
Proof of concept code and attachments

Note: if you have any 'proof of concept' source code or other materials, you can add further attachments at the end of this report.

What was the system configuration at the time of discovering? (optional)

Describe how relevant parts of the IoT's system (e.g. device, software, app) were configured.

Were other parties involved? *
{item} - other parties were not involved
Please confirm whether other parties were involved
More information about other parties (optional)

Given that other parties were involved can you please provide more information

Please give further details about thirdparties
What do you think this vulnerability poses a threat to? *

Select all that apply

Please select at least one value
Threat - Other (optional)

Please provide more information

What level of risk do you think this issue poses? *

e.g. to the device's core functions, users, data, or networks

{item}
e.g. likely to have little impact on privacy, saftey, core functions, etc.
e.g. likely to have moderate impact on privacy, safety, core functions, etc.
e.g. likely to have significant impact on privacy, safety, core functions, etc.
e.g. likely to have significant impact on the IoT product and/or service as a whole.
Please select the level of risk
Is an exploit publicly available at this time? *

e.g. in another forum

{item}
Please select a value
Link to exploit (optional)

Please provide link to any public reference to the exploit or discussion

Do you believe the vulnerability is being exploited now? *
{item}
Please select a value

This section is not yet complete

This section looks complete

Top