Renogy welcomes responsible disclosure of potential security vulnerabilities affecting its products. If you believe you have identified a security issue, please report it using the method described below so we can investigate and address it promptly.

Vulnerabilities can be reported by email:
Email: supportau@renogy.com

To help us better understand and assess the reported issue, please include relevant technical details where possible. Providing the information below is encouraged but not mandatory, and no personal information is required.
Recommended information:
● Affected product model(s) and firmware or software version(s)
● A clear description of the potential vulnerability
● Steps to reproduce the issue, if applicable
● Any known impact or observed behavior related to the issue
● Additional technical information that may help with assessment

Responsible Disclosure Guidelines

While Renogy encourages security research and responsible vulnerability reporting, certain activities are not permitted during testing or investigation.
The following activities are prohibited:
● Modification, deletion, or destruction of product data
● Disruption or degradation of product functionality or services (including denial-of-service activities)
● Unauthorized access to personal, proprietary, or confidential information
● Any activity that may violate applicable laws, regulations, or user rights

Renogy will acknowledge receipt of reported vulnerabilities within 72 hours.
After initial acknowledgment, Renogy will assess the reported issue and provide status updates as appropriate. The frequency and level of detail of updates may vary depending on the severity, complexity, and validation status of the vulnerability.
*Note: Actual response and resolution timelines may vary based on the risk level and technical complexity of the reported issue.

Renogy discloses security vulnerabilities affecting its products in a structured and responsible manner to protect users and devices.

Confirmed Vulnerabilities (Advisory): Once a reported vulnerability has been validated and a remediation plan has been developed, Renogy may issue a Security Advisory providing detailed information about the vulnerability and the corresponding fix. The timing of the advisory depends on the complexity of the issue and the readiness of the mitigation.

Potential Vulnerabilities (Notice): If a potential security issue is identified but has not yet been confirmed, Renogy may issue a Security Notice that summarizes the basic information of the vulnerability and communicates the ongoing investigation progress.

All reported vulnerability information is treated as confidential until Renogy determines that public disclosure is appropriate.

Renogy regularly publishes security advisories and notices through publicly accessible channels to keep users informed of product security developments.

Note: The timing and method of vulnerability disclosure may vary based on factors such as the severity and complexity of the vulnerability, the readiness of the fix, potential user impact, and coordination with third-party components or service providers.