Weintek Technology Corp. ("Weintek") is committed to helping ensure the security of its products and the operational security of its customers. We encourage good-faith reporting parties to report potential security vulnerabilities that may affect Weintek products through the channels described on this page.
To reduce the risk that customers face from zero-day situations, Weintek supports coordinated vulnerability disclosure and, in the spirit of IEC 62443-4-1, tracks, analyzes, remediates, and discloses confirmed security vulnerabilities.
Weintek is prepared to work in good faith with individuals who submit vulnerability reports in accordance with this policy. Weintek does not intend to initiate legal action or request law-enforcement action against individuals for their security testing or vulnerability reporting activities, provided that they:
To report a security issue that may affect a Weintek product, please submit the vulnerability report form or contact Weintek through the dedicated mailbox: psirt@weintek.com.
Weintek accepts anonymous reports. To help protect sensitive vulnerability information from disclosure, reporting parties are strongly encouraged to use the PGP public key [8D84 07B7 D03D B864 3FBC B996 C566 3499 05B1 D7A1] to encrypt report contents during transmission. Weintek will respond to received reports within seven business days, with Taipei, Taiwan as the reference time zone.
To help us validate the issue quickly, please provide as much of the following information as possible:
Weintek does not require reporting parties to sign a nondisclosure agreement (NDA) before submitting a vulnerability report. For good-faith security research and reporting that meets the following conditions, Weintek does not intend to initiate legal action or request law-enforcement action against individuals for their security testing or vulnerability reporting activities:
Prohibited Actions: To protect customers and third parties, reporting parties must not engage in the following activities:
If, during testing, the reporting party accidentally accesses non-public data, causes service impact, or discovers an issue that may create immediate risk, the reporting party must immediately stop testing, avoid further access to or sharing of data, and report the matter to Weintek without delay.
After Weintek confirms receipt of the report, Weintek will create a tracking case for the vulnerability and, if needed, request additional information from the reporting party. Weintek will evaluate whether the report constitutes a product security issue and analyze the affected scope, reproduction conditions, severity, and customer risk.
Weintek will work with the responsible teams to determine fixes, updates, configuration changes, mitigations, or other risk-reduction measures. During this time, Weintek will maintain regular communication with the reporting party to provide current status updates and help ensure that the reporting party understands Weintek's handling status and expected timeline. If available, pre-release software fixes may be provided to the reporting party for verification.
After the issue has been successfully analyzed and, if necessary, a fix is required to address the vulnerability, Weintek will develop the corresponding fix and prepare it for release. Weintek will use existing customer notification processes to manage the release of patches.
Security advisories may, as appropriate, include the vulnerability description, CVSS score, CVE identifier, affected products and versions, fixed versions, mitigation measures, compensating controls or workarounds, recommended customer actions, and a clear publication date.