The "NVWA Project" is a reward program for research on 0day vulnerabilities and exploitation techniques, mainly covering mainstream PC and mobile operating systems, popular server and client software applications, network equipment, virtual system escape, etc. We provide generous bonuses: the highest reward for a single vulnerability can be up to ¥20,000,000!

Target Directory

The targets include, but are not limited to, the following ranges. The target directory will be updated regularly.

New Table

Target Version Type Require Date Effective date(d) TopPrice(¥)
Ahnlab FireWall RCE/DoS Zero-Click 2020-04-01 2020-12-31 200,000
Cisco 1800/1900 Router RCE/DoS Zero-Click 2020-04-01 2020-12-31 500,000
Cisco ASR1000 Router RCE/DoS Zero-Click 2020-04-01 2020-12-31 700,000
Cisco Catalyst9000 Router RCE/DoS Zero-Click 2020-04-01 2020-12-31 550,000
ForcePoint FireWall RCE/DoS Zero-Click 2020-04-01 2020-12-31 350,000
Hillstone FireWall RCE/DoS Zero-Click 2020-04-01 2020-12-31 400,000
Juniper QFX switches RCE/DoS Zero-Click 2020-04-01 2020-12-31 800,000
Juniper OCX switches RCE/DoS Zero-Click 2020-04-01 2020-12-31 800,000
Juniper T Router RCE/DoS Zero-Click 2020-04-01 2020-12-31 1,000,000
Juniper PTX Router RCE/DoS Zero-Click 2020-04-01 2020-12-31 600,000
Juniper ACX Router RCE/DoS Zero-Click 2020-04-01 2020-12-31 500,000
Lotus Domino Web service RCE/DoS Zero-Click 2020-04-01 2020-12-31 350,000
McAfee WebGateWay Network proxy RCE/DoS Zero-Click 2020-04-01 2020-12-31 500,000
MDaemon Mail service RCE/DoS Zero-Click 2020-04-01 2020-12-31 350,000
Microsoft ForeFront TMG/ISA Network proxy RCE/DoS Zero-Click 2020-04-01 2020-12-31 350,000
NEC NEC Router RCE/DoS Zero-Click 2020-04-01 2020-12-31 200,000
NSD DNS RCE/DoS Zero-Click 2020-04-01 2020-12-31 350,000
Oracle Database RCE/DoS Zero-Click 2020-04-01 2020-12-31 500,000
Piolink Piolink Router RCE/DoS Zero-Click 2020-04-01 2020-12-31 200,000
Portable SDK for UPnP devices CIG Router RCE Zero-Click 2020-05-01 2020-12-31 350,000
Postfix Mail service RCE/DoS Zero-Click 2020-04-01 2020-12-31 1,200,000
PowerDNS DNS RCE/DoS Zero-Click 2020-04-01 2020-12-31 350,000
PowerMTA Mail service RCE/DoS Zero-Click 2020-04-01 2020-12-31 350,000
Sonicwall VPN RCE/DoS Zero-Click 2020-04-01 2020-12-31 450,000
UltraDNS DNS RCE/DoS Zero-Click 2020-04-01 2020-12-31 350,000
Winmail Mail service RCE/DoS Zero-Click 2020-04-01 2020-12-31 350,000
Zmailer Mail service RCE/DoS Zero-Click 2020-04-01 2020-12-31 350,000
Fujitsu IPCOM FireWall RCE/DoS Zero-Click 2020-04-01 2020-12-31 200,000

Long-term Table

Target Version Type Require Date Effective date(d) TopPrice(¥)
3CX IP PBX device RCE Zero-Click 2020-09-04 150,000
ABB AC800F controller RCE Zero-Click 2020-09-04 150,000
ABB Ability 800xA DCS system RCE Zero-Click 2020-09-04 150,000
ABB Ability IEC61850 MicroScada system RCE Zero-Click 2020-09-04 150,000
ABB Ability MNS Digital edge manager RCE Zero-Click 2020-09-04 150,000
Acme Packet device RCE Zero-Click 2020-09-04 150,000
Adobe Acrobat DC Reader RCE 1-Click 2020-09-04 800,000
Adobe-PDF Windows RCE 1-Click 2019-11-08 800,000
Advantech Protocol Connector RCE Zero-Click 2020-09-04 150,000
Advantech WebAccess Cloud RCE Zero-Click 2020-09-04 150,000
Advantech WebAccess Professional RCE Zero-Click 2020-09-04 150,000
Advantech WebAccess/SCADA RCE Zero-Click 2020-09-04 150,000
Advantech WISE-PaaS/EnSaaS RCE Zero-Click 2020-09-04 150,000
Airos - RCE Zero-Click 2020-09-04 350,000
Android Mainstream Android Mobile OS FCWP Zero-Click 2019-11-08 20,000,000
Anydesk Remote control software RCE Zero-Click 2020-09-04 150,000
Apache Guacamole RCE Zero-Click 2020-09-04 500,000
Apache Httpd RCE Zero-Click 2020-09-04 800,000
Apache Solr RCE Zero-Click 2020-09-04 500,000
Apache Axis2 RCE Zero-Click 2020-09-04 500,000
ArcSight - RCE Zero-Click 2020-08-07 350,000
ASUS - RCE Zero-Click 2020-09-04 200,000
Atlassian Confluence RCE Zero-Click 2020-09-04 400,000
Atlassian Jira RCE Zero-Click 2020-09-04 400,000
AudioCodes Mediant device RCE Zero-Click 2020-09-04 150,000
Avaya IP PBX device RCE Zero-Click 2020-09-04 150,000
Barracuda CloudGen/NextGen RCE Zero-Click 2020-09-04 200,000
BeyondTrust Bomgar RCE Zero-Click 2020-09-04 200,000
BlueCoat - RCE Zero-Click 2020-09-04 200,000
Bluecoat-ProxySG - RCE Zero-Click 2019-11-08 800,000
BroadForward DSC RCE Zero-Click 2020-09-04 200,000
Cacti - RCE Zero-Click 2020-09-04 150,000
CheckPoint Firewall RCE Zero-Click 2020-09-04 350,000
Chrome Windows/MacOS RCE/LPE Zero-Click 2019-11-08 3,000,000
Cisco IOS RCE Zero-Click 2019-11-08 5,000,000
Cisco webEX RCE 1-Click 2020-08-07 500,000
Cisco ASA 55XX RCE Zero-Click 2020-09-04 350,000
Cisco ASDM RCE Zero-Click 2020-09-04 350,000
Cisco C2960-L switches RCE Zero-Click 2020-09-04 350,000
Cisco C2960X RCE Zero-Click 2020-09-04 350,000
Cisco C6807-XL RCE Zero-Click 2020-09-04 350,000
Cisco Call Manager Express RCE Zero-Click 2020-09-04 350,000
Cisco Catalyst RCE Zero-Click 2020-09-04 350,000
Cisco DCN Network management software RCE Zero-Click 2020-09-04 350,000
Cisco ISR RCE Zero-Click 2020-09-04 350,000
Cisco Open SDN Controller RCE Zero-Click 2020-09-04 350,000
Cisco secure desktop vpn RCE Zero-Click 2020-09-04 350,000
Cisco VPN router RCE Zero-Click 2020-09-04 350,000
Citrix ADC/NetScaler/GateWay RCE Zero-Click 2020-09-04 350,000
Citrix SD-WAN RCE Zero-Click 2020-09-04 350,000
Citrix XenMobile Server/EndpointManagement RCE Zero-Click 2020-09-04 350,000
ClearScada - RCE Zero-Click 2020-09-04 150,000
CourierMail Server - RCE Zero-Click 2020-09-04 150,000
Cpanel - RCE Zero-Click 2020-08-07 350,000
Cpanel WHM RCE Zero-Click 2020-09-04 350,000
Cyberoam RCE Zero-Click 2020-09-04 200,000
Dahua - RCE Zero-Click 2020-09-04 150,000
Defense Software Symantec/HP-arcsight/TrendMicro... RCE Zero-Click 2019-11-08 500,000
Diameteriq DRE RCE Zero-Click 2020-09-04 150,000
Docker - SBX Zero-Click 2020-09-04 500,000
Dovecot - RCE Zero-Click 2020-09-04 150,000
Drupal - RCE Zero-Click 2020-09-04 150,000
Emerson AMS device management platform software system RCE Zero-Click 2020-09-04 150,000
Emerson 1410 Smart wireless gateway RCE Zero-Click 2020-09-04 200,000
Emerson DeltaV DCS control system RCE Zero-Click 2020-09-04 200,000
Emerson DeltaV SIS Safety Instrumented System RCE Zero-Click 2020-09-04 200,000
Emerson Ovation SIS Safety Instrumented System RCE Zero-Click 2020-09-04 200,000
Emerson Ovation control system RCE Zero-Click 2020-09-04 200,000
Ericsson HSS - RCE Zero-Click 2020-09-04 150,000
eScan - RCE Zero-Click 2020-09-04 150,000
Exchange - RCE Zero-Click 2020-08-07 800,000
EXIM - RCE Zero-Click 2020-09-04 350,000
F5 2000s RCE Zero-Click 2020-09-04 500,000
F5 BigIP RCE Zero-Click 2020-09-04 500,000
Firefox Windows/MacOS RCE/LPE Zero-Click 2019-11-01 800,000
FortiGate - RCE Zero-Click 2020-08-07 350,000
Fortigate-Firewall FortiOS RCE Zero-Click 2019-11-08 800,000
FortiNet FortiManager RCE Zero-Click 2020-09-04 350,000
Foxit Reader RCE/LPE 1-Click 2020-09-04 500,000
FreeBSD - LPE Zero-Click 2020-08-07 500,000
Grandstream IP PBX RCE Zero-Click 2020-09-04 150,000
H3C - RCE Zero-Click 2020-08-07 500,000
HttpFileServer - RCE Zero-Click 2020-09-04 150,000
IBM Bigfix RCE Zero-Click 2020-09-04 350,000
IBM Traveler RCE Zero-Click 2020-09-04 350,000
IE - RCE 1-Click 2020-09-04 800,000
Ignition - RCE Zero-Click 2020-09-04 150,000
IIS - RCE Zero-Click 2020-09-04 3,000,000
iOS Mainstream Apple iOS FCWP Zero-Click 2019-11-08 15,000,000
Jboss - RCE Zero-Click 2020-09-04 500,000
Juniper ScreenOS/... RCE Zero-Click 2019-11-08 2,000,000
Juniper EX RCE Zero-Click 2020-09-04 350,000
Juniper MAG RCE Zero-Click 2020-09-04 350,000
Juniper MX RCE Zero-Click 2020-09-04 350,000
Juniper network connect VPN RCE Zero-Click 2020-09-04 350,000
Juniper SRX FireWall/Router/Switches RCE Zero-Click 2020-09-04 350,000
Kaspersky Security Center RCE Zero-Click 2020-09-04 150,000
Liferay - RCE Zero-Click 2020-09-04 150,000
Linksys - RCE Zero-Click 2020-09-04 150,000
Linux Mainstream Linux OS LPE Zero-Click 2019-11-08 500,000
MAC latest RCE Zero-Click 2020-09-04 3,000,000
Mail2000 - RCE Zero-Click 2020-09-04 150,000
Mailman - RCE Zero-Click 2020-09-04 150,000
McAfee ePO RCE Zero-Click 2020-09-04 200,000
Microsoft Exchange RCE Zero-Click 2020-09-04 1,000,000
Mikrotik - RCE Zero-Click 2020-09-04 150,000
MOXA ioLogik Remote I/O Server RCE Zero-Click 2020-09-04 150,000
MOXA NP5250 RCE Zero-Click 2020-09-04 150,000
MS-Office Windows RCE Zero-Click 2019-11-08 1,500,000
NAGIOS XI RCE Zero-Click 2020-09-04 200,000
Netflow - RCE Zero-Click 2020-09-04 150,000
NetScreen SSG RCE Zero-Click 2020-09-04 150,000
Onlyoffice - RCE Zero-Click 2020-09-04 150,000
OpenFind askease-pro RCE Zero-Click 2020-09-04 150,000
OSPF Routing Protocol - RCE Zero-Click 2020-09-04 150,000
Other Office Windows RCE Zero-Click 2019-11-08 500,000
Outlook - RCE Zero-Click 2020-09-04 1,500,000
Paloalto FireWall RCE Zero-Click 2020-09-04 150,000
Peplink - RCE Zero-Click 2020-09-04 150,000
PFsense FireWall RCE Zero-Click 2020-09-04 350,000
phabricator Code management system RCE Zero-Click 2020-09-04 150,000
PHP - RCE Zero-Click 2020-09-04 1,500,000
PLESK - RCE Zero-Click 2020-09-04 800,000
Profibus protocol - RCE Zero-Click 2020-09-04 150,000
Pulse Secure MAG RCE Zero-Click 2020-09-04 350,000
Pulse Secure PSA RCE Zero-Click 2020-09-04 350,000
QEMU - VME Zero-Click 2020-08-07 800,000
Qnap - RCE Zero-Click 2020-09-04 150,000
Redmine - RCE Zero-Click 2020-09-04 150,000
Ribbon Communications EdgeMarc RCE Zero-Click 2020-09-04 150,000
RoundCube - RCE Zero-Click 2020-09-04 150,000
Sangoma FreePBX RCE Zero-Click 2020-09-04 150,000
Sangoma Vega/NetBorder SBC/Media GateWay RCE Zero-Click 2020-09-04 150,000
Schneider Building System RCE Zero-Click 2020-08-07 350,000
Schneider EcoStruxure ADMS Control system RCE Zero-Click 2020-09-04 200,000
Schneider EcoStruxure Foxboro DCS control system RCE Zero-Click 2020-09-04 200,000
Schneider PLC RCE Zero-Click 2020-09-04 200,000
SE Inno CMS - RCE Zero-Click 2020-09-04 150,000
SendMail - RCE Zero-Click 2020-09-04 1,000,000
SharePoint - RCE Zero-Click 2020-09-04 200,000
Siemens CMS X-Tools RCE Zero-Click 2020-09-04 200,000
Siemens MindConnect IoT2040 RCE Zero-Click 2020-09-04 200,000
Siemens MindConnect Power monitor RCE Zero-Click 2020-09-04 200,000
SIMATIC WinCC RCE Zero-Click 2020-09-04 200,000
SNMP - RCE Zero-Click 2020-09-04 500,000
Solaris - LPE Zero-Click 2019-11-08 500,000
Solarwinds web help desk RCE Zero-Click 2020-09-04 150,000
Sonus SBC RCE Zero-Click 2020-09-04 150,000
Sophos FireWall/Cyberoam RCE Zero-Click 2020-09-04 200,000
Splunk - RCE Zero-Click 2020-09-04 150,000
StormShield Firewall RCE Zero-Click 2020-09-04 200,000
Struts2 - RCE Zero-Click 2020-09-04 350,000
SWIFTNet Alliance RCE Zero-Click 2020-09-04 150,000
Symantec Endpoint Protection RCE Zero-Click 2020-09-04 150,000
Synology - RCE Zero-Click 2020-09-04 150,000
TACACS Server RCE Zero-Click 2020-09-04 150,000
Telegram Android/iOS RCE/LPE Zero-Click 2019-11-08 5,000,000
Telegram Server RCE Zero-Click 2020-09-04 150,000
Thinkphp - RCE Zero-Click 2020-09-04 500,000
Trend Micro Control Manager RCE Zero-Click 2020-09-04 200,000
Trend Micro IMSVA RCE Zero-Click 2020-09-04 200,000
Trend Micro OfficeScan/Apex One RCE Zero-Click 2020-09-04 200,000
Unify X8 IP PBX RCE Zero-Click 2020-09-04 150,000
Virtual Box - VME Zero-Click 2020-09-04 500,000
Vmware Fusion VME Zero-Click 2020-09-04 800,000
VMware ESXi VMware ESXi VME Zero-Click 2019-11-08 1,500,000
VMware Workstation VMware Workstation VME Zero-Click 2019-11-08 600,000
Vnc Viewer Server Vnc Viewer Server RCE/DoS Zero-Click 2020-05-29 500,000
VxWorks - VME Zero-Click 2020-09-04 800,000
WatchGuard - RCE Zero-Click 2020-09-04 150,000
WebEOC Public safety analysis and situational awareness software RCE Zero-Click 2020-09-04 150,000
Weblogic - RCE Zero-Click 2020-09-04 350,000
WhatsApp Android/iOS RCE/LPE Zero-Click 2019-11-08 10,000,000
Whatsup Gold - RCE Zero-Click 2020-09-04 150,000
Windows Windows7/8/10/2008/2012 RCE Zero-Click 2019-11-01 10,000,000
Windows WUSU update server RCE Zero-Click 2020-09-04 500,000
Winrar - RCE 1-Click 2020-09-04 500,000
Wordpress - RCE Zero-Click 2020-09-04 500,000
Yeastar S series VoIP PBX RCE Zero-Click 2020-09-04 150,000
Zabbix - RCE Zero-Click 2020-08-07 500,000
Zimbra - RCE Zero-Click 2020-09-04 350,000
Zoho ManageEngine Desktop Central RCE Zero-Click 2020-09-04 150,000

ALL: RCE + LPE
RCE: Remote Code Execution
LPE: Local Privilege Escalation
SBX: Sandbox Escape Bypass
VME: Virtual Machine Escape
FCWP: Full Chain (Zero-Click) with Persistence, i.e. a complete exploit chain

Vulnerability Submission

Q&A

1. Email
Please provide your email address; we will contact you by email during the vulnerability confirmation.
2. What is the scope of the vulnerability?
Our focus is on 0day vulnerabilities within the target range given by the 'NVWA Project'. The target scope will be updated regularly, so please keep an eye on it.
If your vulnerability is outside the scope of our targets but its impact is large and serious, it may also become a target we accept. You can submit it and we will contact you after we evaluate it.
3. How much of a reward can I get?
When you submit the vulnerability profile, you should also submit a self-evaluation of the vulnerability. Based on that, we will evaluate it and contact you to bargain; the process proceeds to the next step only after both sides have approved the bargained price.
After receiving the details of the vulnerability sample, if we find that it does not match your previous description, we will conduct a second round of bargaining.
4. What kind of vulnerability profile do I need to submit?
At the beginning of the process, please refer to the 'Vulnerability Submission' form. After the vulnerability negotiation is completed, you can submit the vulnerability details and a complete exploit.
5. When can I get rewards after submitting a vulnerability?
After you submit the full vulnerability description and exploit, we will confirm it and issue a bonus based on the final bargaining result. The bonus will be paid in installments within 3 months.
50% of the bonus will be paid within 1 week after the vulnerability is confirmed, and the remaining 50% will be paid in 3 months.
The information related to the vulnerability you submitted should be kept confidential. If there is a leak caused by the vulnerability submitter, we will deduct or cancel the reward according to the specific circumstances.
6. What does "Require" (such as "Zero-click") mean?
The interaction requirement refers to any interaction other than the attack scenario itself.
Opening Office, opening a document, using a browser to open a link, or using an application such as a mobile IM client to open a link is considered part of the "attack scenario" and is not within the scope of the "interaction requirement."
7. What should I do if I need to send sensitive information during the communication process?
During the communication process, if you are concerned that the information you send is sensitive, please encrypt it with our public PGP key.
Our PGP public key is as follows:
public-key-service@nvwa.org