Trusted extra eyes for stuck bug bounty findings
Home security IoT platform. Authenticated users can query monitoring status of arbitrary base stations by serial number - no ownership verification. A secondary endpoint (wifiCredentials) returns 500 when called with foreign serials, suggesting a crashed authorization check. The IDOR is clean and reproducible.

What I need:
1. Someone to help frame the physical security impact (serial-to-address mapping possibility).
2. Determine if the wifiCredentials crash is exploitable beyond DoS.
3. Tighten the severity argument for the triager.

Currently P3 under review. DM @BugUnstuck on Twitter.
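Added example, not code from the post or from the platform it describes: a minimal Python model of the two endpoint patterns the post names. The unchecked status lookup reproduces the IDOR (any authenticated user reads any serial); a second handler models one way an authorization path can end in a 500 (a foreign serial dereferenced before any deny decision) rather than a controlled refusal; the hardened handlers route both endpoints through one ownership gate that fails closed. Serial numbers, user ids, the `BaseStation` record, and the `handle` dispatcher are all constructed for the example.

```python
from __future__ import annotations

import logging
from dataclasses import dataclass

log = logging.getLogger("station-api")


@dataclass(frozen=True)
class BaseStation:
    """Constructed record shape; the real platform's schema is unknown."""
    serial: str
    owner_id: int
    monitoring: str
    wifi_ssid: str
    wifi_psk: str


# Constructed sample data: two users, each owning exactly one base station.
STATIONS = {
    "SN-1001": BaseStation("SN-1001", 1, "armed", "home-net", "psk-1"),
    "SN-2002": BaseStation("SN-2002", 2, "disarmed", "other-net", "psk-2"),
}


class Denied(Exception):
    """Raised when the caller may not access the station; mapped to 404 below."""


def status_unchecked(user_id: int, serial: str) -> str:
    """Vulnerable pattern from the post: lookup by serial, no ownership test."""
    return STATIONS[serial].monitoring


def wifi_crashy(user_id: int, serial: str) -> dict:
    """Model of a check that crashes instead of denying (hypothetical, not the
    platform's code): it builds the caller's own stations and indexes into
    that map, so a foreign serial raises KeyError and surfaces as a 500."""
    owned = {s.serial: s for s in STATIONS.values() if s.owner_id == user_id}
    station = owned[serial]  # KeyError on a foreign serial, unhandled
    return {"ssid": station.wifi_ssid, "psk": station.wifi_psk}


def _owned_station(user_id: int, serial: str) -> BaseStation:
    """Single ownership gate shared by every per-station endpoint. Unknown and
    foreign serials get the same answer so the response does not confirm
    whether a guessed serial exists."""
    station = STATIONS.get(serial)
    if station is None or station.owner_id != user_id:
        raise Denied(serial)
    return station


def status_checked(user_id: int, serial: str) -> str:
    return _owned_station(user_id, serial).monitoring


def wifi_checked(user_id: int, serial: str) -> dict:
    station = _owned_station(user_id, serial)
    return {"ssid": station.wifi_ssid, "psk": station.wifi_psk}


def handle(endpoint, user_id: int, serial: str) -> tuple[int, object]:
    """Minimal dispatcher: a deny is a 404; any other exception on the request
    path is logged and returned as 500 so it shows up in error monitoring."""
    try:
        return 200, endpoint(user_id, serial)
    except Denied:
        return 404, {"error": "not found"}
    except Exception:
        # An authorization check that throws is a defect worth alerting on:
        # it denies by accident, and a later refactor may stop denying at all.
        log.exception("unhandled error for user=%s serial=%s", user_id, serial)
        return 500, {"error": "internal error"}


if __name__ == "__main__":
    # User 1 asking about user 2's station under each handler.
    print(handle(status_unchecked, 1, "SN-2002"))  # IDOR: 200 with foreign data
    print(handle(wifi_crashy, 1, "SN-2002"))       # crash path: 500
    print(handle(status_checked, 1, "SN-2002"))    # gated: 404
    print(handle(wifi_checked, 1, "SN-2002"))      # gated: 404
```

The point of the shared gate is that both endpoints stop depending on their own ad hoc checks: once every per-station read goes through `_owned_station`, the 500 path disappears along with the IDOR, and a 500 on any remaining request is a signal for the operations team rather than part of the access-control design.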