###The *.belkin.com and *.linksys.com web domains are not in scope of this program
##IN SCOPE
- Wireless Routers
- Range Extenders
- Wireless Dongles
- Wired Switches
- Business class access points, routers, and switches
- Networking accessories
##NOT IN SCOPE
Any services or systems that are hosted by third party providers or Belkin International owned property, services be it physical or intellectual. This includes and is may not only limited to:
- *.linksys.com web endpoints
- *.belkin.com web endpoints
- WeMo Cloud
- Linksys Smart Wi-Fi Cloud
- Netcam services such as iSecurity+, Seedonk Cloud servers, Services and Intellectual Property
- IFTTT (If This Then That Cloud Services)
All items below are off limits in your testing:
- Belkin International office facilities (e.g. open doors, tailgating, vandalism)
- Belkin International websites and their sub-domains (Belkin.com, Linksys.com, wemothat.com, etc.)
- Any servers or services that Belkin or Linksys products or any of its partners may redirect or forward to.
- Belkin IT maintained databases, such as employee lists, customer lists, CA support DB, product registration database, marketing databases, etc.
- Social Engineering (e.g. phishing, vishing)
- Non Security related defects such as Functional, UI and UX bugs
- Denial of Service (DoS/DDoS) vulnerabilities
##HOW TO SUBMIT
To report a potential security vulnerability or concern, please contact the appropriate security resource via email:
- For Belkin and WeMo branded products: [email protected]
- For Linksys branded products: [email protected]
Please use our PGP key when submitting potential security vulnerabilities.
Belkin and WeMo PGP key »
Linksys PGP key »
Please include the following details in your email:
- Subject line must contain a brief high-level description of the issue
- The body of the email must contain:
- Belkin/Linksys product name and model number (generally located on the bottom or back of the product)
- Application Version
- Firmware Version
- Description of the concern or vulnerability (if you have a script or PoC it helps in turnaround time)
- Any information to help our team reproduce the issue
For WeMo and Belkin branded products we recommend using our public PGP key located here to encrypt the email content that can be submitted to [email protected].
For Linksys branded products we recommend using our public PGP key located here to encrypt the email content that can be submitted to [email protected].
BELKIN RESPONSE TIME
After receiving your email, our Application Security team will verify and analyze the issues that you have reported. Please give us up to 2 business days for an initial response.
