Security Response Center
About VSRC
The VStarcam Security Response Center is dedicated to safeguarding product and user data security, working hand-in-hand with security researchers to build a safer IoT ecosystem.
Our Mission
As a leading global provider of smart security solutions, VStarcam considers product security a core responsibility. VSRC receives, processes, and responds to vulnerability reports from external researchers and users.
Collaboration
We invite security researchers worldwide to participate in vulnerability discovery and reporting. Every valid security report will receive our acknowledgment and appreciation.
Scope
Covers all VStarcam IP cameras, NVRs, cloud platforms, mobile apps (Eye4 / O-KAM Pro), and related IoT devices.
Report a Vulnerability
Found a security issue? Please submit your report by email to security@vstarcam.com.
You may submit potential security vulnerabilities to the email address above. We will keep you updated on the progress of the fix via email. Actual response time may vary depending on the severity and complexity of the issue.
Report Guidelines
To help us process your report efficiently, please include the following information.
Description
Clearly describe the vulnerability type, scope of impact, and potential harm
Affected Product
Product model, firmware version, app version, or cloud platform URL involved
Steps to Reproduce
Detailed reproduction steps, including tools and environment configuration
Proof of Concept
Screenshots, videos, PoC code, or other evidence of the vulnerability
Impact Assessment
Your assessment of the severity and potential security impact
Contact Info
Your email address so we can communicate the progress of the fix
Response Process
The complete workflow from vulnerability submission to resolution.
Submission
Security researcher submits a vulnerability report to security@vstarcam.com
Acknowledgment
VSRC team confirms receipt and sends a confirmation email with a tracking ID
Assessment
Security team evaluates the vulnerability, reproduces the issue, and determines the risk level
Feedback
Reporter receives the assessment result and estimated remediation plan
Fix & Release
Vulnerability is patched, security update is released, and the reporter is notified
Severity Classification
Vulnerabilities are classified based on the CVSS scoring standard.
| Severity | CVSS Score | Examples |
|---|---|---|
| Critical | 9.0 – 10.0 | Remote code execution, full device takeover, mass user data breach, cloud platform compromise |
| High | 7.0 – 8.9 | Unauthorized access to sensitive data, privilege escalation, unauthorized video stream access, authentication bypass |
| Medium | 4.0 – 6.9 | Stored XSS, sensitive information disclosure, CSRF attacks, insecure default configurations |
| Low | 0.1 – 3.9 | Reflected XSS, low-sensitivity information disclosure, URL redirect vulnerabilities |
Safe Harbor Policy
We are committed to protecting the rights of good-faith security researchers.
We Encourage
- Responsible discovery and reporting of security vulnerabilities
- Keeping vulnerability details confidential until a fix is released
- Testing only within authorized scope
- Using your own test accounts for verification
- Notifying us as soon as a vulnerability is discovered
Please Do Not
- Perform denial-of-service (DoS) attacks on production systems
- Access, modify, or delete other users’ data
- Publicly disclose vulnerability details before a fix is available
- Use vulnerabilities for any illegal activities
- Conduct social engineering attacks against VStarcam employees
Security Advisories
Publicly disclosed security vulnerabilities and their remediation status. Advisories are published after fixes are released.
* Vulnerability details are disclosed after the fix is released and the reporter is notified.
Security Resources
Authoritative resources and references related to IoT security.
Vulnerability Databases
- CVE – Common Vulnerabilities and Exposures
- NVD – National Vulnerability Database
- CNVD – China National Vulnerability Database
- CNNVD – China National Vulnerability Database of Information Security
Acknowledgements
We thank the following security researchers for their contributions to VStarcam product security.
* After submitting a valid vulnerability report, you will be acknowledged here upon confirmation. See the Acknowledgements page for details.
Found a Security Vulnerability?
Thank you for helping us protect millions of users worldwide. Please send your report to:
security@vstarcam.com
We commit to responding within 5 business days.
About This Page
The VStarcam Security Response Center (VSRC) sincerely thanks all researchers who responsibly report security vulnerabilities. Your contributions help us continuously improve product security and protect the privacy and data of users worldwide.
Hall of Fame
Researchers who have made outstanding contributions to VStarcam security, listed by year.
Acknowledgement Policy
Criteria and rules for inclusion in the security acknowledgements list.
Eligibility Criteria
- The submitted vulnerability is confirmed as valid by VSRC
- The report meets our guidelines and includes complete reproduction steps
- Vulnerability details are not publicly disclosed before the fix is released
- The vulnerability is not exploited for illegal activities or to harm users
- Only the first reporter of a given vulnerability is acknowledged
- The acknowledgements list is updated quarterly
Tier Descriptions
- Outstanding Contributors (Gold) — Submitted 3 or more Critical/High vulnerabilities, or discovered issues with significant impact
- Excellent Contributors (Silver) — Submitted 1 or more High vulnerabilities, or 3 or more Medium vulnerabilities
- Appreciated Contributors (Bronze) — Submitted 1 or more valid vulnerability reports
Become a Security Contributor
Discover and responsibly report security vulnerabilities — your name will appear on our Hall of Fame.