Cart

Your Cart is Empty

Back To Shop

Cart

Your Cart is Empty

Back To Shop

Pwn2Own Toronto 2023 – Day One Results

Welcome to Pwn2Own Toronto 2023! We’ll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Eastern (GMT -4:00).


FAILURE – Peter Geissler was unable to get his exploit of the Canon imageCLASS MF753Cdw working within the time allotted.

SUCCESS – Binary Factory was able to execute their stack-based buffer overlow attack against the Synology BC500. They earn $30,000 and 3 Master of Pwn points.

SUCCESS – Pentest Limited was able to execute their 2-bug chain against the My Cloud Pro Series PR4100 using a DoS and SSRF. They earn $40,000 and 4 Master of Pwn points.

SUCCESS – Team Viettel was able to execute a single-bug attack against the Xiaomi 13 Pro. They earn $40,000 and 4 Master of Pwn points.

SUCCESS – Nguyen Quoc Viet was able to execute a buffer overflow attack against the Canon imageCLASS MF753Cdw. He earns $20,000 and 2 Master of Pwn points.

SUCCESS – Synacktiv was able to execute a 3-bug chain against the Synology BC500. They earn $15,000 and 3 Master of Pwn points.

SUCCESS – Team Orca of Sea Security was able to execute a 2-bug chain using an OOB Read and UAF against the Sonos Era 100. They earn $60,000 and 6 Master of Pwn points.

SUCCESS – Team ECQ was able to execute a 3-bug chain using an SSRF and two injection vulnerabilities against the QNAP TS-464. They earn $40,000 and 4 Master of Pwn points.

BUG COLLISION – Compass Security was able to execute their stack overflow attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points.

SUCCESS – “Ben” was able to execute a stack-based buffer overflow against the Canon imageCLASS MF753Cdw. He earns $10,000 and 2 Master of Pwn points.

SUCCESS – Pentest Limited was able to execute an Improper Input Validation against the Samsung Galaxy S23. They earn $50,000 and 5 Master of Pwn points.

SUCCESS – Team Viettel was able to execute a 2-bug chain against the QNAP TS-464. They earn $20,000 and 4 Master of Pwn points.

SUCCESS – Team PHPHooligans were able to execute a memory corruption bug leading to RCE against the Lexmark CX331adwe. They earn $20,000 and 2 Master of Pwn points.

SUCCESS – STAR Labs SG was able to execute a 2-bug chain including directory traversal and command injection against the QNAP TS-464. They earn $20,000 and 4 Master of Pwn points.

FAILURE – Interrupt Labs was unable to get their exploit of the Lexmark CX331adwe working within the time allotted.

SUCCESS – NCC Group was able to execute their attack against the Xiaomi 13 Pro. They earn $20,000 and 4 Master of Pwn points.

SUCCESS – Team Viettel was able to execute a stack-based buffer overflow attack against the Canon imageCLASS MF753Cdw. They earn $10,000 and 2 Master of Pwn points.

SUCCESS STAR Labs SG was able to exploit a permissive list of allowed inputs against the Samsung Galaxy S23. They earn $25,000 and 5 Master of Pwn points.

BUG COLLISION – Thales was able to execute their attack against the QNAP TS-464. However, the exploit they used was previously known. They still earn $12,500 and 2.5 Master of Pwn points.

BUG COLLISION – R-sec was able to execute their stack buffer overflow attack against the Canon imageCLASS MF753Cdw. However, the exploit they used was previously known. They still earn $2,500 and 0.5 Master of Pwn points.


That’s a wrap for Day 1 of Pwn2Own Toronto 2023 – we’ve already awarded over $400,000 in prizes! We’ll be back tomorrow with another full day of attempts, so follow along on Twitter, YouTube, Mastodon, LinkedIn, and Instagram.