Vulnerability Reporting

Product Security Incident Response Team (PSIRT hereafter) is an integral part of Dahua CyberSecurity Center (DHCC).

Dahua PSIRT is responsible for receiving, processing and disclosing Dahua product and solution related security vulnerability. It is the designated window to release information about Dahua product vulnerability. Dahua encourage end user, partner, supplier, government agency, industry association and independent researcher to report potential risk or vulnerability to PSIRT by email.

Security vulnerability is a weakness or defect in the design, implementation, operation or management of a system that can be exploited to breach system security policy (RFC4949).

Please direct the email to Owing to the sensitive nature of vulnerability information, we strongly suggest reporter to use our PGP public key (key ID 0xC6068E4B; PGP fingerprint: 6176 9A82 F67E A062 CA46 C19A C6DE A2F8 C606 8E4B) to encrypt the email content.

Please include at least the following information in the email
● Organization/name, means of contact
● Products or solutions and versions affected
● Description of the potential vulnerability
● Supporting technical details (such as system configuration, traces, description of exploit/screen capture, sample packet capture, proof of concept, steps to reproduce the issue)
● Information about known exploits
● Disclosure plans, if any