Vulnerability Disclosure Policy

TCL is committed to ensuring the security of our products and services, safeguarding user data from threats. We encourage security researchers, users, and partners to collaborate with us to enhance the security of TCL products.

Reporting Security Vulnerabilities:

If you discover a security vulnerability while using TCL products, we welcome you to contact us at security@tcl.com

When reporting a security vulnerability, please provide the following detailed information to facilitate our rapid response:

1. Your Contact Information: Including your name, affiliated organization (if any), and contact details.

2. Affected Products and Versions: Clearly specify the product models and software versions affected.

3. Detailed Vulnerability Description.

4. Vulnerability Impact Evidence: Such as screenshots, log files, etc.

5. Other Relevant Information (if any): Any additional information that helps us understand or fix the vulnerability.

To protect our users, TCL will not disclose or discuss security issues before completing the investigation and rolling out any necessary updates.

Our Commitment:

Upon discovering a vulnerability or receiving a vulnerability report, we will develop and implement a remediation plan to provide solutions for all affected customers. For some theoretically feasible vulnerabilities without in-depth proof, TCL security engineers will conduct internal testing to confirm the potential harm of the vulnerability.

The vulnerability you submit will be confirmed and evaluated within 3 business days of receiving the report, and a preliminary response will be provided within 7 business days.

TCL strives to resolve vulnerabilities in accordance with industry standard practices after reporting, serious risk vulnerabilities will be fixed within 15 working days, high/medium risk vulnerabilities will be fixed within 90 working days, and low risk vulnerabilities will be fixed within 180 working days (Note: Some vulnerabilities are subject to environmental or hardware limitations, and the final repair time will be confirmed according to the actual situation).

However, due to the complexity of each vulnerability, the analysis difficulty is different, and there may be a long period of time. Please understand. If you can provide detailed POC, it will speed up the processing of the staff.

Vulnerability Reporting Guidelines:

1. All vulnerability reports should comply with the laws and regulations of the relevant countries and regions.

2. Reports should be based on the latest firmware version. To ensure smooth communication, it is recommended that vulnerability reports be written in English.

3. Please report vulnerabilities through the designated email channel to ensure information security. TCL may receive reports from other channels, but does not guarantee that reports will be recognized.

4. Strictly adhere to data protection principles during the discovery and reporting of vulnerabilities, without infringing upon the data security of any individual or organization.

5. Maintain communication and cooperation before the agreed disclosure date, avoiding the premature public disclosure of vulnerability information.

Security Update Support Period:

We commit to providing 5 years of security update support for TCL products. The specific support period may vary by product model; for more details, please refer to Product Security Update Period

Policy Updates:

We may periodically update this security policy. Any changes will be announced on this page, with the latest revision date indicated.

How to Contact Us:

If you have any product security-related questions or comments regarding this security policy, please contact us at security@tcl.com

If you have any complaints or concerns about this product security policy, please contact us via the aforementioned email. We take all complaints about violations of product security policies seriously. TCL staff will investigate your complaint and respond to you within a reasonable time.