Report a vulnerability
We encourage users, partners, suppliers, security organizations and independent researchers to actively report to Dahua PSIRT by email any security risks or vulnerabilities related to Dahua products and solutions. Due to the sesitivity of vulnerability information, we recommended to use our PGP public key (Key ID: 0xC6068E4B; PGP Fingerprint: 61769A82F67E062CA46C19A6DEA2F8C6068E4B) and report it to psirt@dahuatech.com. Within two working days after receiving the report, Dahua PSIRT will confirm receipt of the vulnerability report and begin evaluating the issue. Within seven working days after receiving the report, Dahua PSIRT will address the issue and provide a conclusion. For some complicated issues, Dahua will promptly inform the progress of problem handling based on the situation and communicate with the reporter. In order to facilitate timely verification and location of vulnerabilities, the content of the email should include the following:
1. Description of potential security risks/vulnerabilities
2. Technical details (e.g. system configuration, positioning method, description/screenshot of exploit, sample captured images, POC, steps to reproduce problems, etc.)
3. Report the product name, model and software/firmware version where the security risks/vulnerabilities are located.
4. Possible vulnerability disclosure plan