Incompatible Devices - Emergency Calling (000) Update - more info here.

VULNERABILITY DISCLOSURE POLICY

Exetel take the security of our customers, networks and services seriously and are committed to safeguarding customer personal information by preventing unauthorised access or interruption to Exetel systems.

Introduction

This Vulnerability Disclosure Policy provides clear guidance for security researchers and members of the public who wish to responsibly report potential security issues.

We encourage you to contact us to report potential vulnerabilities in our systems.

Purpose

The purpose of this Vulnerability Disclosure Policy is to:

  • Clearly document our reporting procedure, our obligations, expectations and response

  • Encourage responsible vulnerability discovery and reporting

  • Provide a safe and clear channel for disclosure

  • Enable timely remediation of legitimate security issues

  • Build trust between our organisation, the general public and the security research community

Reporting Procedure

If you believe you have found a security vulnerability, please submit your report to us by email to vulnerability.disclosure@exetel.com.au with the following details:

  • The IP address, website or page where the vulnerability is present

  • A brief description of the vulnerability and its impact

  • A clear step-by-step description of how to reproduce the issue

  • Any supporting material such as screenshots, proof of concept code or HTTP requests

  • Your contact details for coordinated follow-up

You must

  • Notify us as soon as possible after you discover a real or potential security issue

  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems and destruction or manipulation of data

  • Stop testing immediately if you encounter customer data or system instability

  • Only use exploits to the extent necessary to confirm a vulnerability’s presence

  • Use non-destructive testing methods that do not impact service availability

  • Provide us with a reasonable amount of time to resolve the issue before you disclose it publicly

You must not

  • Break any applicable law or regulations

  • Exfiltrate, modify or delete data.

  • Attempt any form of denial of service or stress testing

  • Engage in social engineering, phishing or physical intrusion

  • Access or disrupt systems of our customers, partners or suppliers

  • Demand financial compensation for vulnerability disclosure

  • Submit a high volume of low-quality reports

  • Submit fraudulent or fake vulnerability disclosures

We will

  • Acknowledge receipt of your report within three business days.

  • Communicate and coordinate with you in a transparent and timely manner

  • Assess the report and validate the vulnerability to the best of our ability

  • Take corrective action within a reasonable timeframe and communicate any issues or challenges that may delay resolution

  • Notify you once remediation is complete and may publish a coordinated advisory for transparency (with credit where appropriate and permitted by you)

Questions

Questions regarding this policy may be sent to vulnerability.disclosure@exetel.com.au. We also invite you to contact us with suggestions for improving this policy.

© Copyright 2026 Exetel Pty Ltd. All rights reserved.

Privacy Policy|Terms of Service