Security vulnerabilities are the defects or weaknesses that may threaten the confidentiality, integrality, availability, access control, and monitoring mechanism of a system or an application.
We suggest you report ZTE security vulnerabilities to ZTE PSIRT mailbox firstname.lastname@example.org and use our PGP public key (key ID：FF095577
) to encrypt the sensitive information. You are also recommended to use your own PGP key to ensure the security of information exchange.
Please include but not limited to the following information in your email for verifying a vulnerability:
Affected products and versions (including product names, types, version numbers, origins, and locations)
Rate (high, medium or low according to the scope and severity)
Detailed description (technical details such as system configurations, proof of concept, how the vulnerability was found, specific tools or techniques used, and impacts of exploiting the vulnerability)
Exploitation (whether the vulnerability has been exploited, and whether the exploitation is publicly available)
Contact information of the reporter
For general problems of ZTE products, please refer to the ZTE Support website for help. For internal security issues, please use SOC to report to ZTE PSIRT.