Exposed Debug Endpoints on
Incident Report for The Things Network
Security researcher Vedant Tekale reported that our server configuration exposed debug endpoints on, a discontinued project for packaging gateway firmware and configuration. These debug endpoints could give attackers information about the inner workings of our systems, which may be used for more directed attacks. Since this project was already discontinued for a while, we decided to remove completely.

We would like to thank Vedant Tekale for responsibly disclosing this issue and making The Things Network a safer place.
Posted Aug 31, 2020 - 15:00 CEST