For sales and order assistance: contact us via online chat 7*24Hrs or email sales@en-plus.com.cn

Talk to an Expert

EN+ Vulnerability Disclosure and Response Agreement

Welcome to the Vulnerability Disclosure and Response Program (hereinafter referred to as “the Program”) established by Shenzhen EN+ Technology Co., Ltd. and its affiliates (hereinafter referred to as “EN+” or “we”).

We value the network security of our products and business systems and highly recognize the contributions of security researchers to the industry ecosystem. We welcome you to submit security vulnerabilities related to EN+ products and services. Before joining the Program and submitting vulnerabilities, please read and fully understand this “EN+ Vulnerability Disclosure and Response Agreement” (hereinafter referred to as “this Agreement”). By submitting a vulnerability report, you are deemed to have read, understood, and agreed to abide by this Agreement and the EN+ Privacy Policy (Link: [To be supplemented URL]).

1. Scope of Agreement

1.1 This Agreement is a legally binding document entered into between you (the “Reporter”) and EN+ concerning your participation in the Program.
1.2 Reporter refers to any natural person, legal person, or other organization submitting vulnerabilities through designated EN+ channels.
1.3 This Agreement includes rules, supplementary agreements, and explanatory documents published by EN+ from time to time, all of which have the same legal effect as this Agreement.

2. About the Program

2.1 Reporters shall submit vulnerabilities through the designated platform  (www.en-plustech.com) and according to the provided guidelines.
2.2 Vulnerability reports should include:

  • Description of the vulnerability and its potential impact;
  • Steps to reproduce, operational procedures, or PoC;
  • Test environment information (URL/APP, code snippets, device model, system version, test IP, account information, etc.);
  • Screenshots, logs, and other materials generated during testing.

2.3 Acceptable scope includes:

  • The EN+ official website (www.en-plustech.com);
  • EN+ official APPs (e.g., EVCHARGO, Installer App, etc.);
  • EN+ hardware and backend systems within the warranty/maintenance period.

2.4 The following are not accepted:

  • Products no longer for sale and no longer maintained;
  • Issues with third-party platforms or services;
  • Already publicly known or previously submitted vulnerabilities.

2.5 Vulnerability rating considers factors including:

  • Degree of exposure and harmfulness of sensitive data;
  • Exploitation difficulty;
  • Whether it is propagable or widely exploitable.

2.6 Vulnerability disclosure principles:

  • Do not disclose vulnerabilities publicly without written permission from EN+;
  • When disclosure is permitted, do not include sensitive information;
  • Disclosure content must be objective and accurate; exaggeration or creating unnecessary panic is prohibited.

2.7 Reporters must ensure submitted materials are truthful and lawful and must not cause risks due to false information.
2.8 Reference remediation timelines:

  • High-risk and above: In principle, within 90 business days;
  • Medium-low risk: In principle, within 180 business days;
  • Special circumstances will be notified separately.

3. Rights and Obligations of the Reporter

3.1 Reporters must comply with laws, regulations, and this Agreement, and must not damage EN+ systems or infringe upon user rights.
3.2 Do not obtain vulnerabilities through illegal means such as scanning, sniffing, brute-forcing, or phishing.
3.3 The following behaviors are prohibited:

  • Unauthorized intrusion into EN+ systems;
  • Leaking or selling EN+ or user data;
  • Interfering with normal user services during testing;
  • Using vulnerabilities for improper acts such as extortion, hype, or threats.

3.4 Reporters must ensure the report content is truthful and complete.
3.5 After submission, do not threaten to publicly disclose the vulnerability, nor transfer or authorize a third party to use or disclose it.
3.6 All intellectual property rights to the vulnerability report and its results belong to EN+.
3.7 The Reporter has a strict duty of confidentiality regarding any EN+ information accessed during participation.
3.8 Minors (under 18 years old) must participate under the guidance of a guardian.

4. Rights and Responsibilities of EN+

4.1 EN+ is responsible for maintaining the normal operation of the vulnerability submission process.
4.2 EN+ has the right to independently verify, rate, and decide on remediation measures.
4.3 EN+ will promptly follow up on valid reports and provide feedback on handling opinions within a reasonable timeframe.
4.4 EN+ protects Reporter’s personal information in accordance with the law.
4.5 For malicious, illegal, or misleading reports, EN+ has the right to terminate participation and pursue accountability.
4.6 EN+ has the right to adjust or terminate the Program and will notify via announcement or email.
4.7 EN+’s review does not exempt the Reporter from responsibility for the legality of submitted content.
4.8 Disputes between the Reporter and any third party must be handled by the Reporter. If EN+ suffers damage as a result, the Reporter shall bear liability for compensation.

5. Vulnerability Report Submission Specifications

5.1 Report content should be complete, accurate, and reproducible, including:

  • Background of discovery and exploitation process;
  • URL, APP, interface, or module;
  • Device model, system and APP version, serial number (if applicable);
  • Test account, IP address, etc.;
  • Non-destructive verification examples;
  • Materials like packet captures, logs, screenshots, or videos.

5.2 Vulnerability rating considers factors including:

  • Scope of data leakage;
  • Exploitation difficulty;
  • Impact on the platform or users;
  • Whether it affects systems under warranty/maintenance.

5.3 Do not disclose vulnerabilities to any third party without written consent from EN+.
5.4 When disclosure is approved, ensure:

  • It does not contain user privacy or sensitive information;
  • Content is objective and truthful;
  • It does not cause unnecessary panic or mislead.

5.5 Ownership of the vulnerability report and its results belongs to EN+; use, publication, or transfer without authorization is prohibited.

6. Intellectual Property and Data Processing

6.1 All vulnerability reports, testing materials, and related submissions provided by the Reporter shall become the property of EN+.
6.2 Without prior written permission from EN+, the Reporter shall not copy, distribute, disclose, or otherwise use any such materials.
6.3 In the event of any violation of this section, EN+ reserves the right to revoke the Reporter’s eligibility and pursue legal liability in accordance with applicable laws.
6.4 Personal information submitted by the Reporter shall be used solely for identity verification, vulnerability handling, and statistical purposes.
6.5 EN+ shall adopt reasonable technical and organizational measures to protect the security of such information.
6.6 The Reporter shall ensure that all personal information provided is true, accurate, and valid. Any consequences arising from false or invalid information shall be borne by the Reporter.

7. Disclaimer and Suspension

7.1 EN+ may suspend or terminate the Program based on business, technical, or security reasons, and the Reporter may not claim compensation for this.
7.2 EN+ may immediately disqualify a Reporter and pursue accountability if any of the following occur:

  • False, malicious, or duplicate submissions;
  • Using vulnerabilities to attack or interfere with EN+ or users;
  • Unauthorized leakage or dissemination of vulnerabilities;
  • Violation of laws or this Agreement;
  • Refusal to cooperate with verification or provision of false identity information.

7.3 EN+ is not liable for service unavailability caused by:

  • Force majeure;
  • Network failures, attacks, etc.;
  • Third-party platform anomalies;
  • Issues with the Reporter’s own equipment.

7.4 EN+ does not guarantee that the platform is vulnerability-free or continuously available.
7.5 After a Reporter exits the Program, EN+ has the right to delete all their data and is not obligated to provide export services.

8. Governing Law and Dispute Resolution

8.1 This Agreement is governed by the current laws and regulations of the People’s Republic of China (excluding conflict of laws provisions).
8.2 Disputes should be resolved through negotiation; if negotiation fails, they shall be submitted to the People’s Court located at EN+’s location (Nanshan District, Shenzhen City) for handling.
8.3 If any clause is invalid, it does not affect the validity of the remaining clauses.
8.4 Section headings are for convenience only and do not affect interpretation.
8.5 Your continued participation in the Program constitutes acceptance of the updated terms.

9. Contact Information

For questions, complaints, or suggestions, please contact:
Email: support@en-plus.com.cn
Address: 2nd Floor, Building 6, No. 1026 Songbai Road, Nanshan District, Shenzhen City, Guangdong Province, China

Get the latest news from EN Plus

Please enable JavaScript in your browser to complete this form.

Contact

  • Address

Floor 2-3, Building 6, No.1026 Songbai Road, Nanshan District, Shenzhen, China, 518055

  • Business Inquiry
sales@en-plus.com.cn
  • After-Sales Service
support@en-plus.com.cn

by Applications

About

Resources

Products

Partnership

© 2026 Shenzhen EN Plus Tech Co., Ltd.