Product Security Vulnerability Disclosure
We take the security of our products very seriously. If you believe you have discovered a vulnerability in any of our digital products (hardware or software), we encourage you to report it to us immediately through our Coordinated Vulnerability Disclosure (CVD) process. Your assistance is invaluable in helping us protect our customers and maintain compliance with EU regulations, including the Cyber Resilience Act (CRA).
How to Report a Vulnerability
To ensure that we can address the vulnerability as quickly and effectively as possible, please provide the following details in your report:
- Product Identification:
  - Product Name and Model Number
  - Software/Firmware Version
  - Date of Purchase (Optional)
- Vulnerability Details:
  - Type of Vulnerability (e.g., Cross-Site Scripting (XSS), Buffer Overflow, Authentication Bypass, etc.)
  - Description
  - Proof of Concept (PoC) / Steps to Reproduce. Detailed, step-by-step instructions that allow us to replicate the issue. Include any necessary code, configuration, or test data.
- Impact:
  - Potential Risk. Explain the security impact of the vulnerability.
  - Exploitation. State whether the vulnerability is actively being exploited (if known).
- Your Contact Information: (We need this to keep you informed of our progress)
  - Name (Optional)
  - Email Address
  - Preferred communication channel (Optional)
IMPORTANT NOTE: Do not publicly disclose the vulnerability until we have had a reasonable time to address it. We commit to working with you under a standard CVD timeline.
Submission
Please send your complete report here.
We strongly encourage you to use our PGP/GPG public key (available for download [Link to Public Key]) to encrypt your report for secure submission.
Our Commitment and Process
Under the EU Cyber Resilience Act (CRA), we are committed to rapid response and coordinated disclosure.
- Acknowledgement: We will acknowledge receipt of your report within 3 business days.
- Investigation & Remediation: Our security team will validate the vulnerability and prioritize a fix.
- Communication: We will keep you updated on the status of our investigation and resolution efforts.
- Disclosure: Once a patch or update is available, we will coordinate public disclosure with you, ensuring our customers are protected.
If the vulnerability constitutes an actively exploited security flaw or a serious incident, we are obliged under the CRA to report it to the relevant EU national authorities (e.g., ENISA, CSIRTs) within 24 hours of becoming aware of it.