LANGUAGE

Product Security Vulnerabilities

Welcome to the UAES Product Security page. UAES is firmly committed to providing secure

and reliable products, and encourages active participation from security researchers. We

provide emergency contact information so that you can reach out to us promptly if you

discover security vulnerabilities, helping us enhance the security of UAES products and

services

Vulnerability Reporting Process

If you believe you have identified a potential security vulnerability or security incident related

to UAES products, please follow the steps below to contact the UAES Product Security Incident

Response Team (PSIRT).

Vulnerability Discovery: Security researchers discover potential vulnerabilities in UAES

products.

Prepare Vulnerability Report: Security researchers detail information related to the

vulnerability in the report, including:

- Affected Products, including model and firmware versions (if applicable)

- Description of the vulnerability, including proof of concept, exploit code, etc.

- Public references (if any), please indicate whether the vulnerability has been publicly

disclosed

Secure Communication: To ensure the security of the report, it is recommended that security

researchers encrypt the vulnerability report using the provided PGP key.

- Encryption method: Use PGP for email encryption, and the encryption method

can be referred to GNUPG (FREE)

Submit Report: Send the encrypted vulnerability report to our PSIRT team email:

PSIRT@UAES.COM

Report Receipt Confirmation: UAES PSIRT team will send a confirmation email within 2

business days of receiving the vulnerability report to ensure that the researcher's report has

been received.

Vulnerability Verification: Our PSIRT team will promptly verify the vulnerability and confirm

its validity. If additional information is needed, PSIRT will further communicate with the

security researcher.

Acknowledgment and Reward: We express gratitude to the security researcher and

provide rewards or acknowledgments based on the severity of the vulnerability.

Responsible Disclosure

UAES encourages security researchers to responsibly disclose vulnerability

information. To allow UAES customers time for system upgrades and vulnerability

mitigation before potential impact due to vulnerability disclosure, please adhere to the

following principles:

Do Not Disclose Vulnerability Details: Please refrain from disclosing specific

details of the vulnerability until we release fix solutions to avoid potential abuse.

Avoid User Impact: Before the vulnerability is fixed, refrain from taking any actions

that may unnecessarily impact users.

Respect Timelines: Before publicizing information, provide UAES with a reasonable

amount of time to address the issue.

UAES appreciates the efforts of the reporting party in identifying vulnerabilities and

cooperating with us to ensure the security of UAES customers.