iRobot API Endpoints Added to Scope
We hope your testing is going well. Here is an update that should make things a bit more interesting!
Some new API Endpoints have been added to the iRobot program. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new:
The In-Scope API Gateway Endpoints require proper authentication to execute any commands. The Focus Area for these targets is reports that demonstrate a bypass or circumvention of the authentication implementation. Each endpoint accepts the following HTTP Methods:
As always, please see the program brief for the full details around testing. If you have any questions, please reach out to email@example.com.
Get out there and lay claim to those bugs!