FB pixel

We use cookies to provide you with a better service. By continuing we’ll assume you’re on board with our cookie policy.

Response Electronics

0345 257 2500

({{mb.basket.itemCount}} Items) {{mb.basket.subTotal}}

Showing the latest {{mb.basket.miniBasketItems.length}} products added. View full basket

Total items: {{mb.basket.itemCount}}
Sub-total: {{mb.basket.subTotal}}

Vulnerability Disclosure

Last updated: 11th November 2019, 12:57pm GMT 


Listed below are potential vulnerabilities raised against ERA products, software and services. In addition to the issues raised are the actions taken by ERA Home Security Ltd.


Date Raised


Date of Response

ERA Response





6th November 2019

SSL cookie without secure flag set - responseelectronics.com



7th November 2019

Vulnerable version of the library 'jquery' found – eraeverywhere.com



11th November 2019

Vulnerable version of the library 'jquery' found - responseelectronics.com



11th November 2019

Account takeover using CSRF - responseelectronics.com



11th November 2019

Cookie without Http Only flag set – responseelectronics.com



11th November 2019

Cookie without Http Only flag set – eraeverywhere.com



11th November 2019

Cookies were issued by the application and do not have the secure flag set – eraeverywhere.com



11th November 2019

Vulnerable version of the library 'angularjs' found – eraeverywhere.com




ERA Vulnerability Disclosure - How to report

At ERA, we take the security of our products and services seriously, so it is immensely useful for us to get any feedback from researchers that can help develop our services. 

We operate a reporting procedure for the responsible disclosure of any security vulnerabilities. If you are involved with security research, please find details below:


How to report a suspected security vulnerablity:

If you believe you’ve found a potential vulnerability, please let us know by filling out the responsible disclosure form below and give us as much detail about it as possible.

Please do not make any information about any vulnerabilities public or do anything else that may put our customers’ data or our intellectual property at risk. And do not degrade our systems.


What actions will we take?

We will acknowledge your disclosure form and review the reported issue. After investigation, if there is an issue, we will provide an estimate for how long a resolution will take.  


Activity that we do not allow:

We do not allow any activity that may interfere with customers using our services, or any activity that may result in the modification, deletion or unauthorised disclosure of our intellectual property or personal customer data. Please find specific examples of this below:

  • Public disclosure of personal, proprietary or financial information
  • The modification or deletion of data that isn’t yours
  • Interruption, degradation or outage to services (like Denial of Service attacks)
  • Spamming / social engineering / phishing attacks
  • Physical exploits and/or attacks on our infrastructure
  • Local network-based attacks such as DNS poisoning or ARP spoofing


Vulnerability disclosures that are out of scope of our vulnerability disclosure policy:

  • Accessible non-sensitive files and directories (e.g. README.txt, robots.txt, etc.)
  • Fingerprinting / banner / version disclosure of common / public services
  • Username / email enumeration by brute forcing or by inference of certain error messages – except in exceptional circumstances (e.g. the ability to enumerate email addresses by incrementing a variable)


Reporting Form

Details of the Issue


If you have any attachments/ screen shots etc to send. Please email those to info@responseelectronics.com

Contact Details

Help & Advice required?

Don't forget if you need any help you can always talk to our Customer Support helpline