Instruction: Are in the scope:
admin.getmeetio.com
storage.getmeetio.com
stats-api.getmeetio.com
api.getmeetio.com
look.getmeetio.com
parse.getmeetio.com
Integrity requirements: medium
Max severity: critical
Asset identifier: *.harmonyremote.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: *.logi.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: medium
Eligible for bounty:
Eligible for submissions: true
Instruction: Other logi.com domains not explicitly listed.
Instruction: Other logitech websites not explicitly listed
Integrity requirements: medium
Max severity: critical
Asset identifier: *.logitech.io
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: Other domains under logitech.io not explicitly listed.
Integrity requirements: high
Max severity: critical
Asset identifier: *.logitechauthorization.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: *.logitechmusic.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: This domain is for a legacy product. We will accept reports, but resolving times may be long for lower priority issues as there are limited customer's still using it.
Integrity requirements: medium
Max severity: critical
Asset identifier: *.lucra.live
Asset type: URL
Availability requirement: medium
Confidentiality requirement: medium
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: *.lukwerks.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: low
Max severity: medium
Asset identifier: *.melonapp.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: medium
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: *.mevo.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: medium
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: *.myharmony.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: This domain is for a legacy product. We will accept reports, but resolving times may be long for lower priority issues as there are limited customer's still using it.
Integrity requirements: high
Max severity: critical
Asset identifier: *.mysqueezebox.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: *.oslo.io
Asset type: URL
Availability requirement: medium
Confidentiality requirement: medium
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: *.slimdevices.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: This domain is for a legacy product. We will accept reports, but resolving times may be long for lower priority issues as there are limited customer's still using it.
Integrity requirements: medium
Max severity: critical
Asset identifier: *.streamlabs.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: *.streamlabscharity.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: *.uesmartradio.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: This domain is for a legacy product. We will accept reports, but resolving times may be long for lower priority issues as there are limited customer's still using it.
Integrity requirements: medium
Max severity: critical
Asset identifier: *.ultimateearsuniversity.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: *.wlo.link
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: *vc.logitech.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: 1018340690
Asset type: APPLE_STORE_APP_ID
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is the iOS app for the Circle ecosystem of devices,
Integrity requirements: medium
Max severity: critical
Asset identifier: 1294578643
Asset type: APPLE_STORE_APP_ID
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This app is Streamlabs: Stream Live by Streamlabs
Integrity requirements: medium
Max severity: critical
Asset identifier: 1456293789
Asset type: APPLE_STORE_APP_ID
Availability requirement: none
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: This app is Logi Tune by Logitech Inc.
Integrity requirements: medium
Max severity: high
Asset identifier: 1476615877
Asset type: APPLE_STORE_APP_ID
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This app is Streamlabs Deck by Streamlabs
Integrity requirements: medium
Max severity: critical
Asset identifier: 632344648
Asset type: APPLE_STORE_APP_ID
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: App: BOOM & MEGABOOM by Ultimate Ears
Integrity requirements: medium
Max severity: critical
Asset identifier: Circle Cameras
Asset type: HARDWARE
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Please note exploits resulting from physical hacks to the device itself are out of scope, and any received reports will be marked N/A in accordance with HackerOne policy. Please refrain from submitting reports for physical hacks to avoid losing Reputation.
At this time we are unable to provide Circle devices for testing purposes. If you already own a Circle , hack away to your heart's content, otherwise watch this space for updates!
Eligible models include all Circle cameras (Circle View Doorbell, Circle View Camera, Circle 2, Circle) running the latest firmware.
Integrity requirements: high
Max severity: critical
Asset identifier: G Hub
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: Only the latest version of GHub is in scope.
Integrity requirements: low
Max severity: high
Asset identifier: Harmony Remote Software
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: The Harmony Desktop software for PC / MAC.
Instruction: Logi Options+ software lets you configure your Logitech device.
The latest version is eligible (PC & MAC).
Integrity requirements: medium
Max severity: high
Asset identifier: Logi Tune PC/MAC
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: none
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Logi Tune Desktop application for PC and MAC reports are eligible as long as they are on the latest version.
Integrity requirements: medium
Max severity: high
Asset identifier: Logitech Mice & Keyboards
Asset type: HARDWARE
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: The current generation of Logitech Keyboards and Mouses.
Integrity requirements: low
Max severity: high
Asset identifier: Logitech Options PC/MAC
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty:
Eligible for submissions: true
Instruction: Logitech Options software lets you customize your Logitech device.
The latest version is eligible (PC & MAC).
Integrity requirements: medium
Max severity: high
Asset identifier: Logitech Sync
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is Sync Desktop Application by Logitech. The latest version is eligible.
Integrity requirements: high
Max severity: critical
Asset identifier: Other Logitech Desktop and Mobile Application
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: This covers all Logitech Desktop and Mobile applications not specifically defined by other assets.
Integrity requirements: medium
Max severity: critical
Asset identifier: Other Logitech Hardware/IoT
Asset type: HARDWARE
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Other current generations Hardware/IoT devices not explicitly listed in the asset list.
Logitech Security Team might reward a report up to their discretion.
Asset identifier: Scope Questions: Items not explicitly listed here
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: If you have a question about something that is not explicitly listed (or falls under a wildcard domain), please submit a report and we will provide clarification. We will allow you to self close that report after we answer your question.
Asset identifier: USB Unifying and LightSpeed Receivers
Asset type: HARDWARE
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: Ultimate Ears Speakers
Asset type: HARDWARE
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Products in scope are the current generation
BLAST, MEGABLAST, BOOM 3, MEGABOOM 3, WONDERBOOM 2, HYPERBOOM, POWER UP
Integrity requirements: low
Max severity: medium
Asset identifier: Video Conferencing Products
Asset type: HARDWARE
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: All products running their latest firmware listed in the page below are eligible:
https://www.logitech.com/en-us/video-collaboration/products
Integrity requirements: high
Max severity: critical
Asset identifier: accounts.logi.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Non production testing site exists under sandbox.accounts.logi.com
Integrity requirements: high
Max severity: critical
Asset identifier: alert.logitech.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: low
Max severity: high
Asset identifier: buy.logitech.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: The service hosted on buy.logitech.com is provided by a 3rd party called Digital River. We will forward reports to them.
Integrity requirements: high
Max severity: critical
Asset identifier: circle.logi.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Also includes the *.video.logi.com and *.circle.logi.com
See developer documentation at https://developers.logitech.com/circle
Integrity requirements: high
Max severity: critical
Asset identifier: com.getmeetio.*
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Are in the scope:
Meetio Room (com.getmeetio.room), Android
Meetio View (com.getmeetio.view), Android
Meetio Desk (com.getmeetio.meetiodesk), Android
Meetio Update (com.getmeetio.update), Android
Meetio System (com.getmeetio.system), Android
Meetio Personal (com.getmeetio.personal), Android
Integrity requirements: medium
Max severity: critical
Asset identifier: com.getmeetio.Meetio-Enterprise
Asset type: APPLE_STORE_APP_ID
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Meetio Personal (com.getmeetio.Meetio-Enterprise), iOS
Integrity requirements: medium
Max severity: critical
Asset identifier: com.logitech.circle
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This app is part of the Circle ecosystem of camera devices.
Integrity requirements: medium
Max severity: critical
Asset identifier: com.logitech.logue
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: This App is Logi Tune for Zone Headsets by Logitech
Integrity requirements: medium
Max severity: high
Asset identifier: com.logitech.ueboom
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: App: BOOM & MEGABOOM by Ultimate Ears
Integrity requirements: medium
Max severity: critical
Asset identifier: com.streamlabs
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is the "Streamlabs: Live Streaming" App by Streamlabs
Integrity requirements: medium
Max severity: critical
Asset identifier: com.streamlabs.slobsrc
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: community.logitech.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: external.logitech.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: Also includes: vcp-external.logitech.com and external-qa.logitech.com
Integrity requirements: medium
Max severity: critical
Asset identifier: feedback.logitech.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: gaming.logicool.co.jp
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: id.logi.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: jira.logitech.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: Also includes jira.logitech.io
Integrity requirements: high
Max severity: critical
Asset identifier: logilife.logitech.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: logitech.zendesk.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: logitechg.com.cn
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: logitechgchallenge.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements:
Max severity: critical
Asset identifier: maintenance.logitech.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: meetiobook.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: outage.logitech.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: outagehistory.logitech.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: partner.logitech.com
Asset type: URL
Availability requirement: none
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: select.logitech.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: support.logi.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: sync.logitech.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Cloud service associated with the Logitech Sync application
Integrity requirements: high
Max severity: critical
Asset identifier: www.astrogaming.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: www.jaybirdsport.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: www.logicool.co.jp
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: www.logitech-partner.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements: medium
Max severity: critical
Asset identifier: www.logitech.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: www.logitech.com.cn
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Ineligible for bounty:
store.logitech.com.cn is a hosted 3rd party service, so we will forward any reports onto the vendor.
Integrity requirements: high
Max severity: critical
Asset identifier: www.logitech.com/my-account
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: Only the sections of www.logitech.com that deal with Logitech Accounts. This is typically anything accessed once you click My-Account and login, or create an account.
