Vulnerability Reporting

      XiongMai Security Response Center (XMSRC)

      Potential security vulnerabilities can be reported to xiongmai  response center mailbox: XMSRCR@163.com.

      Since vulnerability information is sensitive, we strongly recommend using our PGP public key （key ID 0xD9CC2F13; PGP fingerprint: 0E40 5DF8 AC68 67F6 E337  D187 CC06 F055 D9CC 2F13) to encrypt potential security vulnerabilities when reporting to XMSRC and sending them directly to XMSRCR@163.com.

      To facilitate the validation and location of vulnerabilities, try to include, but are not limited to:

      1. organization, company name, address, contact information

      2. affected product model, version information

      3. Potential vulnerability description

      4. Equipment environment (network layout, network connection, etc.)

      5. technical details (equipment configuration,  troubleshooting methods, packet capture data, problem recurrence steps, problem screenshots, log information)

Vulnerability handling process

      Normally low and medium risk vulnerability problem processing cycle is within 7 working days, the specific repair cycle depends on the vulnerability problem severity, vulnerability recurrence difficulty, vulnerability information collection difficulty and optimization workload, so please submit detailed vulnerability information as much as possible.