• Partial safe harbor

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

  • Vulnerabilities accepted 21
  • Validation within about 1 hour 75% of submissions are accepted or rejected within about 1 hour

Latest hall of famers

Recently joined this program


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

An eero system is made up of an embedded device, which we refer to as a node, that provides WIFi functionality either singly or in a mesh with other nodes. Nodes are controlled via using mobile applications on both iOS and Android, which communicate with the nodes via a cloud service. The nodes run a customized version of Linux with some proprietary software as well as a significant number of open source components. The eero Bugcrowd program aims to cover all three aspects of the eero system: node, cloud, and mobile apps.

Our goal for for this program is to ensure the security of the eero system as a whole, with a focus on preventing an attacker from being able to control a set of nodes in a distributed manner or being able to gain information about the user via information leakage.

This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.

In addition to the Bugcrowd VRT, eero has developed some more applicable ratings and categories that are specific to these targets. This supplemental VRT can be seen here.


Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email We will address your issue as soon as possible.