We attach great importance to security issues and welcome all security researchers to report potential security vulnerabilities to us to improve the security of our products and services.
Incident Response
Report Vulnerabilities
If you find any vulnerabilities, please report them via email: hmxlight@gmail.com
Response Time After receiving the vulnerability you reported, we will send you vulnerability response related information within 7 days based on the platform you used to report the vulnerability, as follows:
1) We will send you a vulnerability response notice, information confirmation and feedback related to the vulnerability through the platform's internal messaging system. The progress of the vulnerability's solution development will also be continuously updated through the corresponding platform's internal messaging system or email as soon as possible.
2) For vulnerabilities reported via email, we will send you a vulnerability response notice, information confirmation and feedback related to the vulnerability via email. The progress of the vulnerability's solution development will also be continuously updated through email as soon as possible. *
Note: Actual vulnerability response time may vary depending on the risk level and complexity of the vulnerability.
Vulnerability Disclosure Instructions
Security Advisory (SA): When the vulnerability has been confirmed, we will disclose detailed information about the vulnerability and the corresponding fix within 180 days of completing the vulnerability analysis and developing a fix plan through a SA.
The models we provide services to you are:
BJ-5VRGB
BJ-WYD HS12Y-240050-AU
And the app name is:
MohuanLED
SymphonyLight
The service period we provide to you is: 2024/7/10-2025/7/10.
We do our best to provide continuous security updates for our products. Security updates usually include the latest security patches, security vulnerability fixes, and other security improvements.
Users can check the status of reported issues through hmxlight@gmail.com. We promise to continue to follow up on reported issues and update the status until the reported issues are resolved.
Note: The actual vulnerability disclosure time may be adjusted based on the disclosure plan of the publisher, the vulnerability solution development plan, the negative impact that the solution may bring, and the vulnerability disclosure plan of other service providers.
Vulnerability Response and Disclosure Process
Verification
Verify the vulnerability and confirm the exploitability and impact
Solution Development
Provide effective fix solutions or risk remediations measures
Affected Scope Confirmation
Investigate and confirm the complete scope of affected products
Release SA
Review and publish the security advisory for the security vulnerability
Recipient
Monitor and and assign received vulnerabilities in a timely manner