At Pwn2Own 2023 in Toronto on day two, vulnerabilities in printers, routers, smart speakers, and Samsung Galaxy S23s were exploited by cybersecurity experts. These vendors included TP-Link, HP, Cannon, Synology, and Sonos.
Cybersecurity experts have already made over $400,000 on the first day after successfully breaking into the Samsung Galaxy S23 twice and showcasing zero-day attacks on NAS, printers, smartphones, and other devices.
Highlights of Day 2
Team Viettel was the first to go up against the Sonos Era 100, successfully executing an OOB write. They get 6 Master of Pwn points and $30,000.
An issue in the Lexmark CX331adwe and another in the TP-Link Omada Gigabit Router were both exploited by Chris Anastasio. He receives 10 Master of Pwn points and $100,000.
A stack overflow attack against the TP-Link Omada Gigabit Router and two vulnerabilities in the QNAP TS-464 were successfully carried out by a DEVCORE intern. They receive $50,000 as well as 10 Master of Pwn points.
Team Viettel performed a stack-based buffer overflow attack against the HP Colour LaserJet Pro MFP 4301fdw. They receive $20,000 as well as 2 Master of Pwn points.
One flaw against the Synology RT6600ax and a three-bug chain against the QNAP TS-464 for the SOHO Smashup allowed Team Orca of Sea Security to carry out the attack. They receive 10 Master of Pwn points and $50,000.
Sonar successfully performed a command injection on the Wyze Cam v3. They get 3 Master of Pwn points and $30,000.
Interrupt Labs successfully performed an improper input validation attack against the Samsung Galaxy S23. They get 5 Master of Pwn points and $25,000.
ToChim was able to exploit a permissive list of allowed inputs against the Samsung Galaxy S23. They get 5 Master of Pwn points and $25,000.
ANHTUD launched a stack-based buffer overflow attack against the Canon imageCLASS MF753Cdw. $10k and 2 Master of Pwn points are awarded to them.
This week, the contestants have received awards totaling $801,250. The competitive contest’s full schedule may be seen here. This is a list of the Day 2 results for the Pwn2Own Toronto 2023.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.