The "NVWA Project" is a reward program for research into 0day vulnerabilities and exploitation techniques, mainly covering mainstream PC and mobile operating systems, popular servers, client software applications, network equipment, virtual system escape, etc. We provide generous bonuses: the highest reward for a single vulnerability can be up to ¥20,000,000!

Target Directory

The targets include, but are not limited to, the following ranges. The target directory will be updated regularly.

New Table

| Target | Version | Type | Require | Date | Effective date(d) | TopPrice(¥) |
| --- | --- | --- | --- | --- | --- | --- |
| Ahnlab | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 200,000 |
| Cisco | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 500,000 |
| ForcePoint | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 350,000 |
| Hillstone | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 400,000 |
| Juniper | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 800,000 |
| Lotus Domino | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 350,000 |
| McAfee WebGateWay | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 500,000 |
| Mdeamon | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 350,000 |
| Microsoft ForeFront TMG/ISA | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 350,000 |
| NEC | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 200,000 |
| NSD | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 350,000 |
| Oracle | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 500,000 |
| Piolink | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 200,000 |
| Portable SDK for UPnP devices | - | RCE | Zero-Click | 2020-05-01 | 2020-12-31 | 350,000 |
| Postfix | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 1200,000 |
| PowerDNS | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 350,000 |
| PowerMTA | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 350,000 |
| Sonicwall | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 450,000 |
| UltraDNS | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 350,000 |
| Winmail | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 350,000 |
| Zmailer | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 350,000 |
| Fujitsu IPCOM | - | RCE/DoS | Zero-Click | 2020-04-01 | 2020-12-31 | 200,000 |

Long-term Table

| Target | Version | Type | Require | Date | Effective date(d) | TopPrice(¥) |
| --- | --- | --- | --- | --- | --- | --- |
| 3CX (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| ABB (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| ABB Ability (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Acme (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Adobe (new) | - | RCE | 1-Click | 2020-09-04 | | 800,000 |
| Adobe-PDF | - | RCE | 1-Click | 2019-11-08 | | 800,000 |
| advantech (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Airos (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| Android | - | FCWP | Zero-Click | 2019-11-08 | | 20,000,000 |
| Anydesk (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Apache (new) | - | RCE | Zero-Click | 2020-09-04 | | 500,000 |
| Appache (new) | - | RCE | Zero-Click | 2020-09-04 | | 500,000 |
| ArcSight (new) | - | RCE | Zero-Click | 2020-08-07 | | 350,000 |
| ASUS (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| Atlassian (new) | - | RCE | Zero-Click | 2020-09-04 | | 400,000 |
| AudioCodes (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Avaya (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Barracuda (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| beyondtrust (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| BlueCoat (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| Bluecoat-ProxySG | - | RCE | Zero-Click | 2019-11-08 | | 800,000 |
| BroadForward (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| Cacti (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| CheckPoint (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| Chrome | - | RCE/LPE | Zero-Click | 2019-11-08 | | 3,000,000 |
| Cisco | - | RCE | Zero-Click | 2019-11-08 | | 5,000,000 |
| Citrix (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| ClearScada (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| CourierMail Server (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Cpanel (new) | - | RCE | Zero-Click | 2020-08-07 | | 350,000 |
| Cyberoam (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| Defense Software | - | RCE | Zero-Click | 2019-11-08 | | 500,000 |
| Diameteriq (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Docker (new) | - | SBX | Zero-Click | 2020-09-04 | | 500,000 |
| Dovecot (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Drupal (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Emerson (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Ericsson HSS (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| eScan (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Exchange (new) | - | RCE | Zero-Click | 2020-08-07 | | 800,000 |
| EXIM (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| F5 (new) | - | RCE | Zero-Click | 2020-09-04 | | 500,000 |
| Firefox | - | RCE/LPE | Zero-Click | 2019-11-01 | | 800,000 |
| FortiGate (new) | - | RCE | Zero-Click | 2020-08-07 | | 350,000 |
| Fortigate-Firewall | - | RCE | Zero-Click | 2019-11-08 | | 800,000 |
| FortiNet (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| Foxit (new) | - | RCE/LPE | 1-Click | 2020-09-04 | | 500,000 |
| FreeBSD (new) | - | LPE | Zero-Click | 2020-08-07 | | 500,000 |
| Grandstream (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| H3C (new) | - | RCE | Zero-Click | 2020-08-07 | | 500,000 |
| HttpFileServer (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| IBM (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| IE (new) | - | RCE | 1-Click | 2020-09-04 | | 800,000 |
| Ignition (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| IIS (new) | - | RCE | Zero-Click | 2020-09-04 | | 3000,000 |
| iOS | - | FCWP | Zero-Click | 2019-11-08 | | 15,000,000 |
| Jboss (new) | - | RCE | Zero-Click | 2020-09-04 | | 500,000 |
| juniper | - | RCE | Zero-Click | 2019-11-08 | | 2,000,000 |
| Kaspersky (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Liferay (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Linksys (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Linux | - | LPE | Zero-Click | 2019-11-08 | | 500,000 |
| MAC (new) | - | RCE | Zero-Click | 2020-09-04 | | 3000,000 |
| Mailman (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| McAfee (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| Microsoft (new) | - | RCE | Zero-Click | 2020-09-04 | | 1000,000 |
| Mikrotik (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| MOXA (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| MS-Office | - | RCE | Zero-Click | 2019-11-08 | | 1,500,000 |
| NAGIOS (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| Netflow (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| NetScreen (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Onlyoffice (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| OpenFind (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| OSPF Routing Protocol (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Other Office | - | RCE | Zero-Click | 2019-11-08 | | 500,000 |
| Outlook (new) | - | RCE | Zero-Click | 2020-09-04 | | 1500,000 |
| Paloalto (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Peplink (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| PFsense (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| phabricator (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| PHP (new) | - | RCE | Zero-Click | 2020-09-04 | | 1500,000 |
| PLESK (new) | - | RCE | Zero-Click | 2020-09-04 | | 800,000 |
| Profibus protocol (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Pulse Secure (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| QEMU (new) | - | VME | Zero-Click | 2020-08-07 | | 800,000 |
| Qnap (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Redmine (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Ribbon (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| RoundCube (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Sangoma (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Schneider (new) | - | RCE | Zero-Click | 2020-08-07 | | 350,000 |
| SE Inno CMS (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| SendMail (new) | - | RCE | Zero-Click | 2020-09-04 | | 1000,000 |
| SharePoint (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| Siemens (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| SIMATIC (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| SNMP (new) | - | RCE | Zero-Click | 2020-09-04 | | 500,000 |
| Solaris | - | LPE | Zero-Click | 2019-11-08 | | 500,000 |
| Solarwinds (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Sonus (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Sophos (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| Splunk (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| StormShield (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| Struts2 (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| SWIFTNet (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Symantec (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Synology (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| TACACS (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Telegram | - | RCE/LPE | Zero-Click | 2019-11-08 | | 5,000,000 |
| Thinkphp (new) | - | RCE | Zero-Click | 2020-09-04 | | 500,000 |
| Trend Micro (new) | - | RCE | Zero-Click | 2020-09-04 | | 200,000 |
| Unify (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Virtual Box (new) | - | VME | Zero-Click | 2020-09-04 | | 500,000 |
| Vmware (new) | - | VME | Zero-Click | 2020-09-04 | | 800,000 |
| VMware ESXi | - | VME | Zero-Click | 2019-11-08 | | 1,500,000 |
| VMware Workstation | - | VME | Zero-Click | 2019-11-08 | | 600,000 |
| Vnc Viewer Server | - | RCE/DoS | Zero-Click | 2020-05-29 | | 500,000 |
| VxWorks (new) | - | VME | Zero-Click | 2020-09-04 | | 800,000 |
| WatchGuard (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| WebEOC (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Weblogic (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| WhatsApp | - | RCE/LPE | Zero-Click | 2019-11-08 | | 10,000,000 |
| Whatsup Gold (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Windows | - | RCE | Zero-Click | 2019-11-01 | | 10,000,000 |
| Winrar (new) | - | RCE | 1-Click | 2020-09-04 | | 500,000 |
| Wordpress (new) | - | RCE | Zero-Click | 2020-09-04 | | 500,000 |
| Yeastar (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |
| Zabbix (new) | - | RCE | Zero-Click | 2020-08-07 | | 500,000 |
| Zimbra (new) | - | RCE | Zero-Click | 2020-09-04 | | 350,000 |
| Zoho (new) | - | RCE | Zero-Click | 2020-09-04 | | 150,000 |

ALL: RCE + LPE
RCE: Remote Code Execution
LPE: Local Privilege Escalation
SBX: Sandbox Escape Bypass
VME: Virtual Machine Escape
FCWP: Full Chain (Zero-Click) with Persistence, i.e. a complete exploit chain

Vulnerability Submission

Q&A

1. Email
Please use your email address; we will contact you by email during vulnerability confirmation.
2. What is the scope of the vulnerability?
Our focus is on 0day vulnerabilities within the target range given by the 'NVWA Project'. The target scope will be updated regularly, so please keep an eye on it.
If your vulnerability is outside the scope of our targets but its impact is large and serious, it may also become one of our receiving targets. You can submit it and we will contact you after we evaluate it.
3. How many vulnerability rewards can I get?
When you submit the vulnerability profile, you are expected to submit a self-evaluation of the vulnerability. Based on that, we will evaluate it and contact you for bargaining. Only after the bargained price has been approved by both sides will the process proceed to the next step.
After receiving the details of the vulnerability sample, if we find that it does not match your previous description, we will conduct a second round of bargaining.
4. What kind of vulnerability profile do I need to submit?
At the beginning of the process, please refer to the 'Vulnerability Submission' form. After the vulnerability negotiation is completed, you can submit the vulnerability details and a complete exploit.
5. When can I get rewards after submitting a vulnerability?
After you submit the full vulnerability description and exploit, we will confirm it and issue a bonus based on the final bargaining result. The bonus will be paid in installments within 3 months.
50% of the bonus will be paid within 1 week after the vulnerability is confirmed, and the remaining 50% will be paid in 3 months.
The information related to the vulnerability you submitted should be kept confidential. If there is a leak caused by the vulnerability submitter, we will deduct or cancel the reward according to the specific circumstances.
6. What does "Require" (such as "Zero-click") mean?
The interaction-related requirement refers to any interaction other than the attack scenario itself.
Opening Office, opening a document, using a browser to open a link, or using an application such as a mobile IM to open a link is considered an "attack scenario" and is not within the scope of "interaction requirements."
7. What should I do if I need to send sensitive information during the communication process?
During the communication process, if you are concerned that the information you send is sensitive, please encrypt it with our PGP public key.
Our PGP public key is as follows:
public-key-service@nvwa.org