If you discover a security vulnerability in Sumi firmware, please report it by opening a private security advisory on GitHub rather than opening a public issue.
We will acknowledge your report within 48 hours and provide a detailed response within 7 days.
| Version | Supported |
|---|---|
| 1.4.x | ✅ Yes |
| 1.3.x | |
| < 1.3 | ❌ No |
Sumi runs a local WiFi access point during setup. The default AP password (sumisetup) is intentionally simple for ease of use. Users should:
- Complete setup quickly
- Avoid storing sensitive data on the device
- Use the device on trusted networks only
- The setup portal runs over HTTP (not HTTPS) on the local network
- WiFi credentials are stored in NVS (non-volatile storage) on the device
- No encryption for SD card contents