At KUNBUS, we place great importance on the security of our systems and data. We recognize that security vulnerabilities can occur and appreciate the support of security experts and researchers who help us identify and address them. Our Responsible Disclosure Policy outlines how you can responsibly report security vulnerabilities and what you can expect from us.
Go to Responsible Disclosure Policy
Let us know your Revolution Pi / KUNBUS related security issues – For a secure transmission of your information to our e-mail address product-security(at)kunbus.com we provide a GPG key for end-to-end encryption.
KUNBUS GPG key
User-ID: KUNBUS GmbH Product Security <product-security@kunbus.com>
Validity: until December 31st, 2025
Key Type/Size: OpenPGP, RSA 4096-Bit
Key fingerprint: B484B6F71F2CD32BCCDF7C04C0027DE5D2D76A5F
https://psirt.kunbus.com/.well-known/csaf/openpgp/B484B6F71F2CD32BCCDF7C04C0027DE5D2D76A5F.asc
You can download our public key under the following link:
Published security advisories
06.06.2025
Kunbus-2025-0000004: Dangerous default file permissions
09.05.2025
Kunbus-2025-0000003: Authentication Bypass in RevPi Webstatus
02.04.2025
Kunbus-2025-0000002: Missing Authentication in Node-RED integration
02.04.2025
Kunbus-2025-0000001: Authentication Bypass and XSS in PiCtory
19.09.2024
Kunbus-2024-0000001: Security Issues in Webstatus
21.12.2022
Revolution Pi: Multiple Authentication Vulnerabilities in webstatus Package
03.01.2022
Security notice for Revolution Pi base modules
04.03.2019