ZTE Product Security Incident Response Team (PSIRT)


ZTE Product Security Incident Response Team (PSIRT) receives, handles, and discloses security vulnerabilities related to ZTE's products and solutions, and is the only channel to disclose vulnerabilities. The PSIRT is also responsible for responding to and handling customer-reported security incidents, formulating ZTE's information security incident management policies and handling plans, and analyzing vulnerabilities and patches released by cybersecurity vendors and system software providers.


ZTE encourages cybersecurity researchers, industry organizations, and suppliers to report security vulnerabilities related to our products to ZTE PSIRT. Please contact us by sending email to


We suggest you use our PGP public key (key ID:FF095577) to encrypt the sensitive information before sending it to ZTE.



+ Vulnerability Response Process


The time for completing a vulnerability response process depends on the scope of the vulnerability.


If you report a vulnerability to ZTE, we assume that you agree to keep the information confidential before ZTE discloses the information. Likewise, ZTE is committed to keeping the sensitive information secret for customers before repairing and disclosing the vulnerability.


ZTE uses the CVSSv3 to score and rate each vulnerability. Reporters can also score/rate vulnerabilities for our reference.


ZTE uses CVE (Common vulnerabilities and Exposures) and CWE (Common Weakness Enumeration) to quote public vulnerabilities outside ZTE's official website.


ZTE reserves the rights for releasing vulnerability reports.



+ ZTE Bug Bounty Program


ZTE is committed to continuously improving security of its products and services to provide users with secure and reliable service experience, so we have set up two bug bounty programs according to product categories.


We welcome security researchers/organizations to report security vulnerabilities in our products and services to us. We promise to follow up and respond to your reported security vulnerabilities as soon as possible.


ZTE has been cooperating with with GSMA Coordinated Vulnerability Disclosure (CVD) programme to eliminate and mitigate vulnerabilities which are standards-related, for such vulnerabilities you may consider also submitting to GSMA CVD.


You can find more information at Bug Bounty Program for ZTE Web Application Systems and Bug Bounty Program for ZTE Products.