Foreword

Solis Product Security Incident Response Team (PSIRT) is a dedicated team responsible for receiving, verifying and disclosing vulnerabilities related to Solis products. Solis defines a vulnerability as a security issue that may have an impact on the confidentiality, integrity and availability of a product. If you become aware of a potential security vulnerability in our products, please report it to us immediately. We will address and fix all security vulnerabilities in a quick and careful manner to protect the security and privacy of our users.

Product Scope

To ensure that we are able to address and remediate security vulnerabilities in a timely and effective manner, our Vulnerability Disclosure Policy only applies to product lines that are still in the product security update cycle. Please note that products that have passed their security update termination date are not covered by this policy. For more information on the Product Security Update Cycle Policy, please refer to Product safety update cycle policy.

Vulnerability Reporting

We encourage and welcome all security researchers, vendors and users to report possible security vulnerabilities to Solis PSIRT. If you have discovered a potential vulnerability or other security issue with our products, please send the details of the vulnerability you have discovered via e-mail directly to the official Solis PSIRT e-mail address monitoring-service@ginlong.com. In order to ensure timely response and handling, we strongly recommend that you use our designated email address for vulnerability reports, please do not send reports through other email addresses. Please ensure that your report contains the following:

● A clear and relevant title;

● The specific product model, software version, etc.;

● Vulnerability specific information and details of the impact of the issue;

● Any information that may help to reproduce or diagnose the problem.

Until we fix the vulnerability and release a security advisory, please keep any information related to the vulnerability you discover confidential. Please do not send vulnerability reports and related information to other users or companies to ensure that the vulnerability is not misused.

Response Objectives

When you submit a report, we are committed to maintaining open and prompt communication with you during the vulnerability report handling process and provide the following commitments:

● Typically, you will receive an information confirmation email from Solis PSIRT within 2 business days with further communication on vulnerability details. ● Typically, you will receive a Vulnerability Acceptance Confirmation email from Solis PSIRT within 5 business days, and include our severity level assessment of the vulnerability and initial resolution in the confirmation. If we do not accept the report, we will provide a detailed explanation of our reasoning and will continue to receive new information in response to the report and reassess its validity. ● During the vulnerability remediation process, we will promptly update you via email on the progress and status of the vulnerability remediation. ● Upon successful remediation of a reported vulnerability, we will notify you and invite you to confirm that the solution remediates the vulnerability. Your feedback is critical to the continuous improvement of our products.

Vulnerability severity level assessment and remediation time

*Note that the above vulnerability remediation time is counted from the date the vulnerability is accepted and confirmed. Some vulnerabilities are subject to hardware and other conditions, and the final remediation time will be determined based on the actual situation.

Release Date

April 15, 2024

Version: 1.0

We may update the Vulnerability Disclosure Policy irregularly. Please

review the latest policy before submitting a vulnerability report.