Vulnerability Reporting

      XiongMai Security Response Center (XMSRC)

      Potential security vulnerabilities can be reported to xiongmai  response center mailbox:

      Since vulnerability information is sensitive, we strongly recommend using our PGP public key (key ID 0xB013B782; PGP fingerprint: 69D4 977A 0BA6 F7B8 E786  4E74 05A8 31E2 B013 B782) to encrypt potential security vulnerabilities when reporting to XMSRC and sending them directly to

      To facilitate the validation and location of vulnerabilities, try to include, but are not limited to:

      1. organization, company name, address, contact information

      2. affected product model, version information

      3. Potential vulnerability description

      4. Equipment environment (network layout, network connection, etc.)

      5. technical details (equipment configuration,  troubleshooting methods, packet capture data, problem recurrence steps, problem screenshots, log information)

Vulnerability handling process


      Normally low and medium risk vulnerability problem processing cycle is within 7 working days, the specific repair cycle depends on the vulnerability problem severity, vulnerability recurrence difficulty, vulnerability information collection difficulty and optimization workload, so please submit detailed vulnerability information as much as possible.