Report a vulnerability
We encourage users, partners, suppliers, security organizations and independent researchers to actively report to Dahua PSIRT by email any security risks or vulnerabilities related to Dahua products and solutions. Due to the sesitivity of vulnerability information, we recommended to use our PGP public key (Key ID: 0xC6068E4B; PGP Fingerprint: 61769A82F67E062CA46C19A6DEA2F8C6068E4B) and report it to psirt@dahuatech.com. In order to facilitate timely verification and location of vulnerabilities, the content of the email should include the following:
1. Organization/Title and Contact Information
2. Description of potential security risks/vulnerabilities
3. Technical details (e.g. system configuration, positioning method, description/screenshot of exploit, sample captured images, POC, steps to reproduce problems, etc.)
4. Report the product name, model and software/firmware version where the security risks/vulnerabilities are located.
5. Possible vulnerability disclosure plan