TP-Link, HP Printer, Samsung Galaxy S23 Hacked At Pwn2Own


At Pwn2Own 2023 in Toronto on day two, vulnerabilities in printers, routers, smart speakers, and Samsung Galaxy S23s were exploited by cybersecurity experts. These vendors included TP-Link, HP, Cannon, Synology, and Sonos. 

Cybersecurity experts have already made over $400,000 on the first day after successfully breaking into the Samsung Galaxy S23 twice and showcasing zero-day attacks on NAS, printers, smartphones, and other devices.

EHA

Highlights of Day 2

Team Viettel was the first to go up against the Sonos Era 100, successfully executing an OOB write. They get 6 Master of Pwn points and $30,000.

An issue in the Lexmark CX331adwe and another in the TP-Link Omada Gigabit Router were both exploited by Chris Anastasio. He receives 10 Master of Pwn points and $100,000.

A stack overflow attack against the TP-Link Omada Gigabit Router and two vulnerabilities in the QNAP TS-464 were successfully carried out by a DEVCORE intern. They receive $50,000 as well as 10 Master of Pwn points.

Team Viettel performed a stack-based buffer overflow attack against the HP Colour LaserJet Pro MFP 4301fdw. They receive $20,000 as well as 2 Master of Pwn points.

One flaw against the Synology RT6600ax and a three-bug chain against the QNAP TS-464 for the SOHO Smashup allowed Team Orca of Sea Security to carry out the attack. They receive 10 Master of Pwn points and $50,000.

Sonar successfully performed a command injection on the Wyze Cam v3. They get 3 Master of Pwn points and $30,000.

Interrupt Labs successfully performed an improper input validation attack against the Samsung Galaxy S23. They get 5 Master of Pwn points and $25,000.

ToChim was able to exploit a permissive list of allowed inputs against the Samsung Galaxy S23. They get 5 Master of Pwn points and $25,000.

ANHTUD launched a stack-based buffer overflow attack against the Canon imageCLASS MF753Cdw. $10k and 2 Master of Pwn points are awarded to them.

This week, the contestants have received awards totaling $801,250. The competitive contest’s full schedule may be seen here. This is a list of the Day 2 results for the Pwn2Own Toronto 2023.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.





Source link