Targets of interest:
- Operating systems: Windows (RCE and PE)
- Mobile: iOS (PE from within the Sandbox) / Android / Baseband
- Web Browsers: Chrome (RCE or SBX) / Safari / Firefox (RCE)
- Routers and Routers OS
Fritz!Box
Ubiquiti AirCube
Netgear, TP-Link, D-Link
OpenWRT
DD-WRT
DASAN H660GW optical network terminal - Web Panels & Mail Servers
cPanel
Plesk
WHMCS
Open-Xchange
Zimbra
VestaCP
aaPanel
Microsoft Exchange
Froxlor
EasyEngine - Content Management Systems
WordPress
Confluence
SharePoint - Network Monitoring / Firewalls / Virtualization
SolarWinds Orion
Virtualizor
SolusVM
Zabbix
F5 Big-IP
Cisco ASA
Zyxel Network VPN Firewall - Other
Asterisk (VOIP)
Anydesk
Microsoft Office
Wire Mobile and desktop app
Got a vulnerability out of this scope? Send us an email, we can still help: contact@ssd-disclosure.com
Currently not in our focus:*
- Mobile: OPPO / Oneplus / Realme / Xiaomi
- Web Hosting Control Panel: DirectAdmin / Webmin / Aegir
- Mailserver: Dovecot / Roundcube / MDaemon / Horde / Exim / Postfix / IceWarp
- Content Management Systems: Joomla / Drupal
- Embedded: QNAP, Tenda, Asus, Juan, Dahua
- IoT: IP Camera (TVT/Foscam) / Smart Video Phones / Smart Home Hubs ( i.e. XIAOMI Mi control hub)
- Network Management Systems: Nagios / PRTG / Cacti
- Mobile Applications: Whatsapp / Facebook Messenger / iMessage / FaceTime / Instagram / Youtube / GoogleMaps / Truecaller / Skype / Telegram
- Git server: GitHub / GitLab enterprise / Bitbucket
- Others: Atlassian JIRA / PHP / .NET / Firewalls / Protocols / Apache / Engine X / IIS / EMS (AhnLab Policy Center) / Slack
Products Out of scope**
- Routers: NETGEAR R7000 / Hongdian
- Smarty Template Engine
* If you are currently researching any of these products and think you found something we may be interested in, we would love to discuss it
** At the moment we no longer accept these products’ vulnerabilities.