ZTE Product Security Incident Response Team (PSIRT) receives, handles, and discloses security vulnerabilities related to ZTE's products and solutions, and is the only channel to disclose vulnerabilities. The PSIRT is also responsible for responding to and handling customer-reported security incidents, formulating ZTE's information security incident management policies and handling plans, and analyzing vulnerabilities and patches released by cybersecurity vendors and system software providers.

ZTE encourages cybersecurity researchers, industry organizations, and suppliers to report security vulnerabilities related to our products to ZTE PSIRT. Please contact us by sending email to psirt@zte.com.cn.

We suggest you use our PGP public key (key ID:FF095577) to encrypt the sensitive information before sending it to ZTE.

  • Vulnerability Response Process
  • Security Bulletins
  • ZTE Bug Bounty Program
  • ZTE Bug Bounty Bulletins
Vulnerability Response Process
Vulnerability Response Process

The time for completing a vulnerability response process depends on the scope of the vulnerability.

If you report a vulnerability to ZTE, we assume that you agree to keep the information confidential before ZTE discloses the information. Likewise, ZTE is committed to keeping the sensitive information secret for customers before repairing and disclosing the vulnerability.

ZTE uses the CVSSv3 to score and rate each vulnerability. Reporters can also score/rate vulnerabilities for our reference.

ZTE uses CVE (Common vulnerabilities and Exposures) and CWE (Common Weakness Enumeration) to quote public vulnerabilities outside ZTE’s official website.

ZTE reserves the rights for releasing vulnerability reports.

Security Bulletins
Security Bulletins

Insisting on the principle of being open and transparent, ZTE ensures that it exposes potential product vulnerabilities, including final solutions, to customers in a timely manner.

As a member of the FIRST and a CVE Numbering Authority (CNA), ZTE is dedicated to publishing vulnerability exposures jointly with customers and stakeholders in a more open manner. Relevant exposures can be found on CVE and ZTE website.

Click  Bulletin -Security Bulletins for more information.

ZTE Bug Bounty Program
ZTE Bug Bounty Program

ZTE is committed to continuously improving security of its products and services to provide users with secure and reliable service experience, so we have set up two bug bounty programs according to product categories.

We welcome security researchers/organizations to report security vulnerabilities in our products and services to us. We promise to follow up and respond to your reported security vulnerabilities as soon as possible.

ZTE has been cooperating with GSMA Coordinated Vulnerability Disclosure (CVD) programme to eliminate and mitigate vulnerabilities which are standards-related, for such vulnerabilities you may consider also submitting to GSMA CVD.