10/10/2019

NeoPhotonics

NeoPhotonics invites you to test and help secure our network perimeter. We appreciate your efforts and hard work in making us more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!


Ratings/Rewards:

This program will not use the Vulnerability Rating Taxonomy, but the following rating system due to the nature of the scope.

NeoPhotonics is looking to make sure its perimeter is secure; as such, ratings will follow some general guidelines:

  • P1 (Critical) - Compromise of Firewall system by the attacker. Unauthorized remote users getting into the network through bypassing the firewall rules.
  • P2 (Important) - Any issue where a full bypass of the Firewall, IDS, main routers, or issues where unencrypted traffic can be derived. For full rewards, please provide a proof of concept and detailed information.
  • P3 (Moderate) - Any issue where information about the internal structure of a network can be gleaned.
  • P4 (Low) - Any issue with a current CVE that does not fall under the above categories.

The Common Vulnerability Scoring System (CVSS) methodology will be used for generating the numerical score reflecting the vulnerability severity. The numerical score can then be translated into a qualitative representation (such as Critical, High, Medium or Low).

Priority | CVSS | $ Amount
---|---|---
P1 | 9.0-10 | $2,500
P2 | 8.0-8.9 | $2,000
P2 | 7.5-7.9 | $1,500
P2 | 7.0-7.4 | $1,000
P3 | 6.0-6.9 | $500
P4 | 5.0-5.9 | Kudos
P4 | 4.0-4.9 | Kudos
P4 | 3.8-3.9 | Kudos
P4 | 2.0-3.7 | Kudos
P4 | 0.1-1.9 | Kudos

It is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Reward Range

Last updated 7 Oct 2019 19:07:33 UTC

Technical severity | Reward range
---|---
p1 Critical | $2,500 - $2,500
p2 Severe | $1,000 - $2,000
p3 Moderate | $500 - $500

P4 submissions are only eligible to receive kudos points. P5 submissions do not receive any rewards for this program.

Targets

In scope

IP address | Site | Internet link | Device model | Type
---|---|---|---|---
14.21.44.66 | China, Shenzhen | China Telecom Internet | Juniper SRX550-645AP | Other
14.21.44.71 | China, Shenzhen | China Telecom Internet | Cisco ASA5525 | Other
118.143.229.114 | China, Shenzhen | Hong Kong Internet | Juniper SRX240H2 | Other
12.207.197.2 | US, San Jose | San Jose ATT Internet | Juniper SRX240H2 | Other
50.202.127.206 | US, San Jose | San Jose ComCast Internet | Juniper SRX240H2 | Other
122.249.69.25 | Japan, Takao | Takao NTT Internet | Juniper SRX240H2 | Other
122.249.69.26 | Japan, Takao | Takao NTT Internet | Cisco ASA5515 | Other
180.42.3.34 | Japan, Hachioji | Internet Firewall | Juniper SRX240H2 | Other
50.226.10.2 | US, San Jose-2 | Comcast Internet | Cisco ASA5525 | Other
209.36.104.2 | US, San Jose-2 | ATT Internet | Cisco ASA5525 | Other
12.207.197.44 | US, San Jose | ATT Internet | Cisco ASA5525 | Other

Testing is only authorized on the IP ranges listed as In-Scope. Any domain/property of Neophotonics not listed in the targets section is out of scope. This includes any/all ranges not listed above. If you believe you've identified a vulnerability on a system outside the scope, please reach out to support@bugcrowd.com before submitting.


Pivoting

In the event that you're able to access something internally, please do not pivot into other areas, or attempt to find issues internally. This is mainly an external network perimeter test.


Safe Harbor:

When conducting vulnerability research according to this policy, we consider this research to be:

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
  • Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
  • Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
  • Lawful, helpful to the overall security of the Internet, and conducted in good faith.
  • You are expected, as always, to comply with all applicable laws.

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through this program, or inquire via support@bugcrowd.com before going any further.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

In Scope

Scope type | IP address | Site | Internet link | Device model
---|---|---|---|---
web_application | 14.21.44.66 | China, Shenzhen | China Telecom Internet | Juniper SRX550-645AP
web_application | 14.21.44.71 | China, Shenzhen | China Telecom Internet | Cisco ASA5525
web_application | 118.143.229.114 | China, Shenzhen | Hong Kong Internet | Juniper SRX240H2
web_application | 12.207.197.2 | US, San Jose | San Jose ATT Internet | Juniper SRX240H2
web_application | 50.202.127.206 | US, San Jose | San Jose ComCast Internet | Juniper SRX240H2
web_application | 122.249.69.25 | Japan, Takao | Takao NTT Internet | Juniper SRX240H2
web_application | 122.249.69.26 | Japan, Takao | Takao NTT Internet | Cisco ASA5515
web_application | 180.42.3.34 | Japan, Hachioji | Internet Firewall | Juniper SRX240H2
web_application | 50.226.10.2 | US, San Jose-2 | Comcast Internet | Cisco ASA5525
web_application | 209.36.104.2 | US, San Jose-2 | ATT Internet | Cisco ASA5525
web_application | 12.207.197.44 | US, San Jose | ATT Internet | Cisco ASA5525


This program was found on Bugcrowd on 2019-10-10.

FireBounty © 2015-2019
