• $200 – $7,000 per vulnerability
• Safe harbor

iRobot API Endpoints Added to Scope

We hope your testing is going well. Here is an update that should make things a bit more interesting!

Some new API endpoints have been added to the iRobot program. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new:

The in-scope API Gateway endpoints require proper authentication to execute any commands. The focus area for these targets is reports that can bypass and circumvent the authentication implementation. Each endpoint accepts the following HTTP methods:

| Endpoint URL | HTTP Methods |
| --- | --- |
| | GET, POST |
| {entitlement_id} | PUT, DELETE |
| | POST |
| {robot_id}/entitlements | GET |
| {user_id}/entitlements | GET |

As always, please see the program brief for the full details around testing. If you have any questions, please reach out to

Get out there and lay claim to those bugs!