Reporting Suspected Vulnerabilities

If you encounter or find a suspected vulnerability in Huawei products, we would appreciate it if you could quickly inform our PSIRT. Please report suspected vulnerabilities through specified channels in accordance with the security mechanisms.

Vulnerability Reporting Channels

Please report suspected vulnerabilities using this template.

Please report suspected vulnerabilities in Huawei products via email. Huawei PSIRT is ready to respond immediately to any suspected vulnerabilities reported by security researchers, industry organizations, customers, and suppliers.

Security Mechanism

Vulnerability information is sensitive. To ensure confidentiality, you are advised to encrypt the information sent to [email protected] using Pretty Good Privacy (PGP). You can click here to obtain Huawei's PGP public key (key ID: 0x058FBDFC; PGP fingerprint: D0D8 6234 08CF ED7E 39B8 1C71 21A2 3355 058F BDFC).

Throughout the vulnerability handling process, Huawei PSIRT strictly ensures that vulnerability information is transferred only between relevant handlers. We sincerely request you to keep the information confidential until a complete solution is available to our customers.

Response Scope

Huawei PSIRT is dedicated to receiving all vulnerabilities related to Huawei products. To obtain technical support for issues about Huawei products (such as issues regarding product configuration, how to obtain patches, and live-network vulnerability fixing), please contact Huawei Technical Assistance Center (TAC). Vulnerabilities identified by TAC during technical support are handled according to Huawei's internal processes.

If you are a customer of Huawei Carrier BG, click here.

If you are a customer of Huawei Enterprise BG, click here.

If you are a customer of Huawei Consumer BG, click here.

If you are a customer of Huawei Cloud, click here.

If you are a customer of HiSilicon (Shanghai), click here.

Updated 2022.1.18