Target | Version | Type | Require | Date | Effective date(d) | TopPrice(¥) |
---|---|---|---|---|---|---|
Target | Version | Type | Require | Date | Effective date(d) | TopPrice(¥) |
---|---|---|---|---|---|---|
3CX | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
ABB | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
ABB Ability | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Acme | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
ActiveMQ | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
ADC | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
Adobe | - | RCE | 1-Click | 2020-09-04 | ∞ | 800,000 |
Adobe-PDF | - | RCE | 1-Click | 2019-11-08 | ∞ | 800,000 |
advantech | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Airos | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
Android | - | FCWP | Zero-Click | 2019-11-08 | ∞ | 20,000,000 |
Anydesk | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
anymacro安宁邮箱 | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 500,000 |
Apache | - | RCE | Zero-Click | 2020-09-04 | ∞ | 500,000 |
Apache Shiro | - | RCE | Zero-Click | 2021-01-05 | ∞ | 100,000 |
Apache Spark | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
Apache Struts2 | - | RCE | Zero-Click | 2021-01-05 | ∞ | 500,000 |
Apereo CAS | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 100,000 |
ArcSight | - | RCE | Zero-Click | 2020-08-07 | ∞ | 350,000 |
ASUS | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
Atlassian | - | RCE | Zero-Click | 2020-09-04 | ∞ | 400,000 |
Atlassian Jira | - | RCE | Zero-Click | 2021-01-05 | ∞ | 300,000 |
AudioCodes | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Avaya | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Barracuda | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
beyondtrust | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
BlueCoat | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
Bluecoat-ProxySG | - | RCE | Zero-Click | 2019-11-08 | ∞ | 800,000 |
BroadForward | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
Cacti | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
CheckPoint | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
Chrome | - | RCE+LPE | Zero-Click | 2019-11-08 | ∞ | 3,000,000 |
Cisco | - | RCE | Zero-Click | 2019-11-08 | ∞ | 5,000,000 |
CISCO firewall | - | RCE | Zero-Click | 2021-01-05 | ∞ | 500,000 |
CISCO SSL VPN | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 500,000 |
Citrix | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
ClearScada | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Confluence | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 300,000 |
Coremail | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 500,000 |
CourierMail Server | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Cpanel | - | RCE | Zero-Click | 2020-08-07 | ∞ | 350,000 |
Cyberoam | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
Dedecms | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Defense Software | - | RCE | Zero-Click | 2019-11-08 | ∞ | 500,000 |
Diameteriq | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Discuz | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
dlink | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Docker | - | SBX | Zero-Click | 2020-09-04 | ∞ | 500,000 |
Dovecot | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Drupal | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
easysite | - | RCE | Zero-Click | 2021-01-05 | ∞ | 30,000 |
ECShop | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
Emerson | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
EmpireCMS | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
Ericsson HSS | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
eScan | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Exchange | - | RCE | Zero-Click | 2020-08-07 | ∞ | 800,000 |
EXIM | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
express | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
F5 | - | RCE | Zero-Click | 2020-09-04 | ∞ | 500,000 |
F5 BIG-IP | - | RCE | Zero-Click | 2021-01-05 | ∞ | 500,000 |
Fastjson | - | RCE | Zero-Click | 2021-01-05 | ∞ | 500,000 |
Firefox | - | RCE+LPE | Zero-Click | 2019-11-01 | ∞ | 800,000 |
FortiGate | - | RCE | Zero-Click | 2020-08-07 | ∞ | 350,000 |
Fortigate-Firewall | - | RCE | Zero-Click | 2019-11-08 | ∞ | 800,000 |
FortiNet | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
Fortinet(飞塔) Firewall | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Foxit | - | RCE+LPE | 1-Click | 2020-09-04 | ∞ | 500,000 |
FreeBSD | - | LPE | Zero-Click | 2020-08-07 | ∞ | 500,000 |
FusionAccess | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Gitea | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Gitlab | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Grandstream | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
H3C | - | RCE | Zero-Click | 2020-08-07 | ∞ | 500,000 |
Hadoop | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
HanSight Enterprise | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Harbor | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
HttpFileServer | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
IBM | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
IE | - | RCE | 1-Click | 2020-09-04 | ∞ | 800,000 |
Ignition | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
IIS | - | RCE | Zero-Click | 2020-09-04 | ∞ | 3,000,000 |
iOS | - | FCWP | Zero-Click | 2019-11-08 | ∞ | 15,000,000 |
jackson | - | RCE | Zero-Click | 2021-01-05 | ∞ | 500,000 |
Jboss | - | RCE | Zero-Click | 2020-09-04 | ∞ | 500,000 |
jeecms | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
JeeSite | - | RCE | Zero-Click | 2021-01-05 | ∞ | 10,000 |
Jenkins | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
jetty | - | RCE | Zero-Click | 2021-01-05 | ∞ | 300,000 |
JFinal | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
jumpserver | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 50,000 |
juniper | - | RCE | Zero-Click | 2019-11-08 | ∞ | 2,000,000 |
Kaspersky | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
kxmail | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Laravel | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
Liferay | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Linksys | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Linux | - | LPE | Zero-Click | 2019-11-08 | ∞ | 500,000 |
MAC | - | RCE | Zero-Click | 2020-09-04 | ∞ | 3,000,000 |
Mailman | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
McAfee | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
MetInfo | - | RCE | Zero-Click | 2021-01-05 | ∞ | 10,000 |
Microsoft | - | RCE | Zero-Click | 2020-09-04 | ∞ | 1,000,000 |
Microsoft SharePoint | - | RCE | Zero-Click | 2021-01-05 | ∞ | 200,000 |
Mikrotik | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
ModSecurity | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
MOXA | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
MS-Office | - | RCE | Zero-Click | 2019-11-08 | ∞ | 1,500,000 |
NAGIOS | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
Netflow | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
NetScreen | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Nexus | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
Onlyoffice | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
OpenFind | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
OSPF Routing Protocol | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Other Office | - | RCE | Zero-Click | 2019-11-08 | ∞ | 500,000 |
Outlook | - | RCE | Zero-Click | 2020-09-04 | ∞ | 1,500,000 |
Paloalto | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Peplink | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
PFsense | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
phabricator | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
PHP | - | RCE | Zero-Click | 2020-09-04 | ∞ | 1,500,000 |
Phpcms | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Phpmyadmin | - | RCE | Zero-Click | 2021-01-05 | ∞ | 100,000 |
phpStudy | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
PLESK | - | RCE | Zero-Click | 2020-09-04 | ∞ | 800,000 |
Profibus protocol | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Pulse Secure | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
Pulse Secure VPN | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 500,000 |
QEMU | - | VME | Zero-Click | 2020-08-07 | ∞ | 800,000 |
Qnap | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Redmine | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
resin | - | RCE | Zero-Click | 2021-01-05 | ∞ | 100,000 |
Ribbon | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
richmail(thinkmail) | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 100,000 |
RoundCube | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
SaltStack | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
Sangoma | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Schneider | - | RCE | Zero-Click | 2020-08-07 | ∞ | 350,000 |
SE Inno CMS | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
SendMail | - | RCE | Zero-Click | 2020-09-04 | ∞ | 1,000,000 |
SharePoint | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
Siemens | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
SIMATIC | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
SiteServer | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
SNMP | - | RCE | Zero-Click | 2020-09-04 | ∞ | 500,000 |
Solaris | - | LPE | Zero-Click | 2019-11-08 | ∞ | 500,000 |
Solarwinds | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Sonus | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Sophos | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
Splunk | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Spring Boot | - | RCE | Zero-Click | 2021-01-05 | ∞ | 500,000 |
Spring Security Oauth | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
StormShield | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
Struts2 | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
SWIFTNet | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Symantec | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Synology | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
TACACS | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
TeamViewer | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Telegram | - | RCE+LPE | Zero-Click | 2019-11-08 | ∞ | 5,000,000 |
Thinkphp | - | RCE | Zero-Click | 2020-09-04 | ∞ | 500,000 |
TPlink | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
Trend Micro | - | RCE | Zero-Click | 2020-09-04 | ∞ | 200,000 |
turbomail | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 20,000 |
Unify | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Virtual Box | - | VME | Zero-Click | 2020-09-04 | ∞ | 500,000 |
Vmware | - | VME | Zero-Click | 2020-09-04 | ∞ | 800,000 |
VMware ESXi | - | VME | Zero-Click | 2019-11-08 | ∞ | 1,500,000 |
VMware vCenter | - | RCE | Zero-Click | 2021-01-05 | ∞ | 100,000 |
VMware Workstation | - | VME | Zero-Click | 2019-11-08 | ∞ | 600,000 |
Vnc Viewer Server | - | FCWP | Zero-Click | 2020-05-29 | ∞ | 500,000 |
VxWorks | - | VME | Zero-Click | 2020-09-04 | ∞ | 800,000 |
WatchGuard | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
WebEOC | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Weblogic | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
Webmin | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
websphere | - | RCE | Zero-Click | 2021-01-05 | ∞ | 300,000 |
- | RCE+LPE | Zero-Click | 2019-11-08 | ∞ | 10,000,000 | |
Whatsup Gold | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Windows | - | RCE | Zero-Click | 2019-11-01 | ∞ | 10,000,000 |
winmail | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 350,000 |
Winrar | - | RCE | 1-Click | 2020-09-04 | ∞ | 500,000 |
Wordpress | - | RCE | Zero-Click | 2020-09-04 | ∞ | 500,000 |
XAMPP | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
Yeastar | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
Zabbix | - | RCE | Zero-Click | 2020-08-07 | ∞ | 500,000 |
Zimbra | - | RCE | Zero-Click | 2020-09-04 | ∞ | 350,000 |
Zoho | - | RCE | Zero-Click | 2020-09-04 | ∞ | 150,000 |
万户ezoffice | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
亿邮 | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 50,000 |
向日葵 | - | ALL | Zero-Click | 2021-01-05 | ∞ | 50,000 |
堡垒机 | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 50,000 |
大汉cms | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
宝塔 | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
帕拉迪堡垒机 | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 50,000 |
常用安防类产品(防火墙、VPN、IDS、IPS、主机安全、终端安全等) | - | RCE | Zero-Click | 2021-01-06 | ∞ | 50,000 |
微擎 | - | RCE | Zero-Click | 2021-01-05 | ∞ | 10,000 |
拓尔思 TRSWAS | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
日志易 | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
时代亿信邮箱 | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 200,000 |
泛微 | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 50,000 |
爱快流控路由 | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
用友 | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 50,000 |
禅知 | - | RCE | Zero-Click | 2021-01-05 | ∞ | 20,000 |
禅道/zentao | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
税友 | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
致远oa | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 50,000 |
蓝凌 | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 50,000 |
通达oa | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 20,000 |
金蝶 | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
锐捷 | - | RCE | Zero-Click | 2021-01-05 | ∞ | 50,000 |
齐治堡垒机 | - | RCE/AUL | Zero-Click | 2021-01-05 | ∞ | 100,000 |
ALL:RCE + LPE;RCE(Remote Code Execution):远程代码执行;LPE(Local Privilege Escalation):本地权限提升;SBX(Sandbox Escape Bypass):沙盒逃逸绕过;VME(Virtual Machine Escape):虚拟机逃逸;FCWP(Full Chain (Zero-Click) with Persistence):完整的利用链;AUL:Arbitrary user login vulnerability