Cart

Your Cart is Empty

Back To Shop

Cart

Your Cart is Empty

Back To Shop

Pwn2Own Toronto 2023 – Day Three Results

Welcome to Day 3 of Pwn2Own Toronto 2023! We’ll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Eastern (GMT -4:00).


FAILURE – The DEVCORE Intern was unable to get their exploit of the Canon imageCLASS MF753Cdw working within the time allotted.

BUG COLLISION – Interrupt Labs was able to execute an RCE attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points.

FAILURE – Team Orca of Sea Security was unable to get their exploit of the Xiamoi 13 Pro working within the time allotted.

WITHDRAWAL – ToChim withdrew their attempt to target the Xiaomi 13 Pro.

BUG COLLISION – Claroty was able to execute a 4-bug chain against the TP-Link Omada Gigabit Router and Synology BC500 for the SOHO Smashup. However, one of the bugs they used was previously known. They still earn $40,750 and 8.25 Master of Pwn points.

SUCCESS – STEALIEN executed a stack-based buffer overflow attack against the Wyze Cam v3 resulting in a root shell. They earn $15,000 and 3 Master of Pwn Points.

SUCCESS – Rafal Goryl used a 2-bug chain to exploit the Wyze Cam v3 and gain a root shell. He earns $15,000 and 3 Master of Pwn Points.

BUG COLLISION – Team Orca of Sea Security was able to execute their attack against the Samsung Galaxy S23. However, the bug they used was previously known. They still earn $6,250 and 1.25 Master of Pwn points.

SUCCESS – Team Viettel was able to execute a stack-based buffer overflow attack leading to RCE against the Lexmark CX331adwe. They earn $10,000 and 2 Master of Pwn points.

FAILURE – Interrupt Labs was unable to get their exploit of the Xiaomi 13 Pro working within the time allotted.

SUCCESS – Synacktiv was able to execute a heap-based buffer overflow in the kernel triggered via WiFi and leading to RCE against the Wyze Cam v3. They earn $15,000 and 3 Master of Pwn points.

WITHDRAWAL – ANHTUD withdrew their attempt to target the Xiaomi 13 Pro.

BUG COLLISION – Sina Kheirkhah was able to exploit a stack-based buffer overflow and a missing authentication for critical function against the TP-Link Omada Gigabit Router and the Lexmark CX331adwe for the SOHO Smashup. However, one of the bugs he used was previously known. He still earns $31,250 and 6.25 Master of Pwn points.


That’s a wrap for Day 3 of Pwn2Own Toronto 2023 – total prize payout is now $938,250! We’ll be back tomorrow with our last few attempts to see if we can break $1 million in prizes. Follow along on Twitter, YouTube, Mastodon, LinkedIn, and Instagram.