Discovered a security vulnerability?

Tell us about it

At Ei Electronics we realise that security is a process and not a destination. So If you have discovered something you believe to be a security vulnerability effecting or products or process please report it via SmartLINKVulnerabilities@eielectronics.com.

We treat all reports with high priority and investigate all issues directly with the reporter as quickly as possible. When you make a report, please do so in English via SmartLINKVulnerabilities@eielectronics.com and include the following information if applicable:

Target – Ei Electronics server identified by IP address, hostname, URL, etc.,or the Ei Electronics product, including the version number.

Type of issue – The type of vulnerability (e.g., cross-site scripting, buffer overflow, SQL injection, etc.) with general description.

Proof-of-concept or URL demonstrating the vulnerability: A demonstration or evidence of the vulnerability.

We will acknowledge receipt of your report within 48 hours. You will receive status updates every 2 weeks, or as significant progress is made during the investigation. We aim to resolve or mitigate verified vulnerabilities within 30 days, but this timeframe may vary based on the complexity of the issue.

All follow-up communication will be handled via the email address SmartLINKVulnerabilities@eielectronics.com. If any additional contacts or details are required, we will notify you.

This policy is designed to be compatible with common good practice among well-intentioned security researchers. It does not give you permission to act in any manner that is inconsistent with the law, or which might cause the Ei Electronics to be in breach of any of its legal obligations, including but not limited to (as updated from time to time):
The General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act 2018.

Ei Electronics affirms that it will not seek prosecution of any security researcher who reports any security vulnerability on an Ei Electronics service or system, where the researcher has acted in good faith and in accordance with this disclosure policy.