Reporting Suspected Vulnerabilities
If you encounter or find a suspected vulnerability in Huawei products, we would appreciate it if you could quickly inform our PSIRT. Please report suspected vulnerabilities through specified channels in accordance with the security mechanisms.
Vulnerability Reporting Channels
Please report suspected vulnerabilities using this template.
Please report suspected vulnerabilities in Huawei products via email. Huawei PSIRT is ready to respond immediately to any suspected vulnerabilities reported by security researchers, industry organizations, customers, and suppliers. To encourage vulnerability reporting, Huawei has established a Bug Bounty Program.
Vulnerability information is sensitive. To ensure confidentiality, you are advised to encrypt the information sent to email@example.com using Pretty Good Privacy (PGP). You can click here to obtain Huawei's PGP public key (key ID: 0xE8098249; PGP fingerprint: D896 0828 44DF 62A5 6E6A 9EC9 AD40 C690 E809 8249).
Throughout the vulnerability handling process, Huawei PSIRT strictly ensures that vulnerability information is transferred only between relevant handlers. We sincerely request you to keep the information confidential until a complete solution is available to our customers.
Huawei PSIRT is dedicated to receiving all vulnerabilities related to Huawei products. To obtain technical support for issues about Huawei products (such as issues regarding product configuration, how to obtain patches, and live-network vulnerability fixing), please contact Huawei Technical Assistance Center (TAC). Vulnerabilities identified by TAC during technical support are handled according to Huawei's internal processes.
If you are a customer of Huawei Carrier BG, click here.
If you are a customer of Huawei Enterprise BG, click here.
If you are a customer of Huawei Consumer BG, click here.
If you are a customer of Huawei Cloud, click here.
If you are a customer of HiSilicon (Shanghai), click here.