Cart

Your Cart is Empty

Back To Shop

Cart

Your Cart is Empty

Back To Shop

Pwn2Own Toronto 2023 – Day Two Results

Welcome to Day 2 of Pwn2Own Toronto 2023! We’ll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Eastern (GMT -4:00).


SUCCESS – Team Viettel was able to execute an OOB write against the Sonos Era 100. They earn $30,000 and 6 Master of Pwn points.

SUCCESS – Chris Anastasio was able to exploit a bug in the TP-Link Omada Gigabit Router and another in the Lexmark CX331adwe. He earns $100,000 and 10 Master of Pwn points.

BUG COLLISION – Bugscale was able to execute their stack-based buffer overflow attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points.

SUCCESS – A DEVCORE Intern was able to execute a stack overflow attack against the TP-Link Omada Gigabit Router and exploit two bugs in the QNAP TS-464. They earn $50,000 and 10 Master of Pwn points.

SUCCESS – Team Viettel was able to execute a stack-based buffer overflow attack against the HP Color LaserJet Pro MFP 4301fdw. They earn $20,000 and 2 Master of Pwn points.

WITHDRAWAL – Peter Geissler withdrew his attempt to target the Wyze Cam v3.

WITHDRAWAL – Eason Liu withdrew his attempt to target the Xiaomi 13 Pro.

BUG COLLISION – Interrupt Labs was able to execute their stack-based buffer overflow attack against the Canon imageCLASS MF753Cdw. However, the exploit they used was previously known. They still earn $2,500 and 0.5 Master of Pwn points.

BUG COLLISION – SAFA ex Teamt5 was able to execute their stack-based buffer overflow attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points.

SUCCESS – Team Orca of Sea Security was able to execute their attack with one bug against the Synology RT6600ax and a three-bug chain against the QNAP TS-464 for the SOHO Smashup. They earn $50,000 and 10 Master of Pwn points.

BUG COLLISION – The VNG Security Response Center was able to execute a 2-bug chain against the QNAP TS-464. However, the exploit they used was previously known. They still earn $5,000 and 1 Master of Pwn point.

BUG COLLISION – Sina Kheirkhah was able to execute an RCE attack against the Synology BC500. However, the exploit he used was previously known. He still earns $3,750 and 0.75 Master of Pwn points.

SUCCESS – Sonar was able to execute a command injection against the Wyze Cam v3. They earn $30,000 and 3 Master of Pwn points.

BUG COLLISION – SEFCOM T0 was able to execute a command injection against the Wyze Cam v3. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points.

WITHDRAWAL – Peter Geissler withdrew his attempt to target the QNAP TS-464.

WITHDRAWAL – Chris Anastasio withdrew his attempt to target the Lexmark CX331adwe.

SUCCESS – Interrupt Labs was able to execute an improper input validation attack against the Samsung Galaxy S23. They earn $25,000 and 5 Master of Pwn points.

FAILURE – Nettitude was unable to get their exploit of the Canon imageCLASS MF753Cdw working within the time allotted.

SUCCESS – ToChim was able to exploit a permissive list of allowed inputs against the Samsung Galaxy S23. They earn $25,000 and 5 Master of Pwn points.

SUCCESS – ANHTUD was able to execute a stack-based buffer overflow attack against the Canon imageCLASS MF753Cdw. They earn $10,000 and 2 Master of Pwn points.


That’s a wrap for Day 2 of Pwn2Own Toronto 2023 – we’ve awarded a total of $801,250 so far this week! We’ll be back tomorrow with another full day of attempts, so follow along on Twitter, YouTube, Mastodon, LinkedIn, and Instagram.