| 首页 > 新闻公告 > 公告详情
致谢:感谢英国白帽子对360安全应急响应中心的帮助与支持
2018-12-18

在2018年10月,来自英国的一位安全专家(应本人要求匿名)向360SRC提交了一个高危漏洞,截止目前,漏洞已完成全面修复,暂未发现有用户因该漏洞导致的信息泄露和损失。我们对您表示由衷的感谢!


依据360SRC漏洞奖励规则(https://security.360.cn/Reward/reward),360SRC对这位安全专家提交的漏洞进行评估和发放税后奖金_20000_美元(从人民币兑换外币的计算应以兑换当日由中国人民银行公布的汇率为准)。


360SRC真诚感谢每一位白帽子和安全生态伙伴,帮助我们不断完善360安全体系、提升产品的安全性,让用户安心畅享万物互联世界。

360SRC在法律允许的范围内对以上内容拥有解释权与修改权。

 

In October 2018, a security researcher from UK (who asked to remain anonymous) reported a HIGH rating vulnerability of 360 Router.We are so deeply grateful for your help with our product security.

Up to now, no information leakage or losscaused by this vulnerability has been found.

We have evaluated the vulnerabilities yousubmitted and awarded you_20000_USD (Conversion from RMB to USD shall bemade at the exchange rates published by the People's Bank of China on the dateof such conversion.) subject to the 360SRC Vulnerability Reward Rules (https://security.360.cn/Reward/reward).

The 360 Company reserves the right ofinterpretation to the maximum extent permitted by law.

 

[PRODUCT]:360 Safe Router P1

[VERSION]:V2.0.61.58897

[PROBLEMTYPE]:Local Code Execution

[DESCRIPTION]:A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products.