XORP Vulnerability scope

PLEASE NOTE: As of October 1st, 2021, we do no longer accept XORP submissions. In the meantime, check out our full scope for a complete list of eligible items.

This page will be updated once XORP is eligible again.

XORP is an open networking platform that supports multiple routing protocols. XORP supports various Linux distributions and flavors of BSD.

XORP’s primary goal is to provide an alternative to proprietary and closed networking products in the marketplace today. It is the only open source platform to offer integrated multicast capability.

We are currently looking for the following items on XORP:

  • A protocol weakness allowing code execution
  • Code/command execution
  • Authentication bypass
  • Command injection

Think you figured out how to run unauthenticated commands on XORP? We are looking for you! Found something not on this list? We still want to buy it! 

No Bug Bounty Leaderboards, only safe disclosures