Security vulnerabilities are defects or weaknesses that may threaten the confidentiality, integrity, availability, access control, and monitoring mechanism of a system and its applications and data.We suggest you report ZTE-related security vulnerabilities to ZTE PSIRT (firstname.lastname@example.org) and use our PGP public key (FF095577) to encrypt the sensitive information.
Please include the following information in your email for verifying a vulnerability:
Contact information of the reporter
Affected products/solutions and versions (including the product name, type, version number, origin, and location)
Description of potential vulnerabilities
Technical details of the vulnerability (such as system configurations, proof of concept, how the vulnerability was found, specific tools or techniques used, impacts of exploiting the vulnerability, or vulnerability verification video)
Potential vulnerability disclosure plan
To thank external vulnerability reporters, ZTE PSIRT launched its Bug Bounty Program to reward them. We welcome global security researchers/institutions to report security vulnerabilities to us.
For any questions or problems about ZTE products, you can also refer to the ZTE Support website for help.