Security Technologies

Dahua PSIRT

    Report a vulnerability

    We encourage users, partners, suppliers, security organizations and independent researchers to actively report to Dahua PSIRT by email any security risks or vulnerabilities related to Dahua products and solutions. Due to the sensitivity of vulnerability information, we recommend that you use our PGP public key (Key ID: 0xC6068E4B; PGP Fingerprint: 61769A82F67E062CA46C19A6DEA2F8C6068E4B) and send the report to psirt@dahuatech.com. To facilitate timely verification and location of vulnerabilities, the email should include the following:


    1. Organization/Title and Contact Information
    2. Description of potential security risks/vulnerabilities
    3. Technical details (e.g. system configuration, positioning method, description/screenshot of exploit, sample captured images, POC, steps to reproduce problems, etc.)
    4. Report the product name, model and software/firmware version where the security risks/vulnerabilities are located.
    5. Possible vulnerability disclosure plan
    How we deal with vulnerabilities

    Dahua PSIRT will strictly control the scope of vulnerability information and limit it to only the relevant personnel who deal with vulnerabilities. At the same time, the vulnerability reporter is also required to keep the vulnerability confidential until it is publicly disclosed.


    Dahua PSIRT discloses security vulnerabilities in the following two forms:


    1. SA (Security Advisory): for the release of information about security vulnerabilities related to Dahua products and solutions, including but not limited to vulnerability descriptions, fixes, etc.
    2. SN (Security Notice): for the responses to security topics related to Dahua products and solutions, including but not limited to vulnerabilities and security incidents.


    Dahua PSIRT adopts the CVSSv3 standard and gives a Base Score and a Temporal Score for each security vulnerability assessment. Customers can also calculate their own Environmental Score according to their needs.
    For specific CVSSv3 standards, visit this link: https://www.first.org/cvss/specification-document
    Our responses to vulnerabilities
    Receive

    Receive and collect suspected security vulnerabilities of products

    Verify

    Coordinate with relevant teams to conduct vulnerability verification and risk rating

    Repair

    Analyze the cause of vulnerability and implement the vulnerability repair

    Disclose

    Actively disclose vulnerability information and release fixed firmware

    Improve

    Improve vulnerability scanning capability and transform to product security requirements