At Pwn2Own 2023 in Toronto on day two, vulnerabilities in printers, routers, trim speakers, and Samsung Galaxy S23s had been exploited by cybersecurity consultants. These distributors incorporated TP-Link, HP, Cannon, Synology, and Sonos.

Cybersecurity consultants bear already remodeled $400,000 on the first day after successfully breaking into the Samsung Galaxy S23 twice and showcasing zero-day assaults on NAS, printers, smartphones, and other gadgets.

EHA

That’s a wrap for Day 2 of #Pwn2Own Toronto 2023 – we’ve awarded a total of $801,250 to this level this week! We’ll be attend the next day with one more paunchy day of makes an attempt. See the paunchy schedule and this day’s results at https://t.co/SOqsl3FaeD

Leaderboard as of this day: pic.twitter.com/uP0qDU7Kp7

— Zero Day Initiative (@thezdi) October 25, 2023

Highlights of Day 2

Crew Viettel became as soon as the first to head up towards the Sonos Generation 100, successfully executing an OOB write. They receive 6 Grasp of Pwn factors and $30,000.

A impart in the Lexmark CX331adwe and one more in the TP-Link Omada Gigabit Router had been both exploited by Chris Anastasio. He receives 10 Grasp of Pwn factors and $100,000.

A stack overflow assault towards the TP-Link Omada Gigabit Router and two vulnerabilities in the QNAP TS-464 had been successfully conducted by a DEVCORE intern. They receive $50,000 to boot to 10 Grasp of Pwn factors.

Crew Viettel conducted a stack-basically based totally buffer overflow assault towards the HP Shade LaserJet Pro MFP 4301fdw. They receive $20,000 to boot to 2 Grasp of Pwn factors.

One flaw towards the Synology RT6600ax and a 3-trojan horse chain towards the QNAP TS-464 for the SOHO Smashup allowed Crew Orca of Sea Security to kill the assault. They receive 10 Grasp of Pwn factors and $50,000.

Success! Crew Orca of Sea Security became as soon as in a voice to attain their assault with one trojan horse towards the Synology RT6600ax and a 3-trojan horse chain towards the QNAP TS-464 for the SOHO Smashup. They originate $50,000 and 10 Grasp of Pwn factors. #Pwn2Own pic.twitter.com/jYjMJ2xS8s

— Zero Day Initiative (@thezdi) October 25, 2023

Sonar successfully conducted a present injection on the Wyze Cam v3. They receive 3 Grasp of Pwn factors and $30,000.

Interrupt Labs successfully conducted an spoiled input validation assault towards the Samsung Galaxy S23. They receive 5 Grasp of Pwn factors and $25,000.

ToChim became as soon as in a voice to milk a permissive checklist of allowed inputs towards the Samsung Galaxy S23. They receive 5 Grasp of Pwn factors and $25,000.

Success! ToChim became as soon as in a voice to milk a permissive checklist of allowed inputs towards the Samsung Galaxy S23. They originate $25,000 and 5 Grasp of Pwn factors. #Pwn2Own pic.twitter.com/rWOp4SVL3u

— Zero Day Initiative (@thezdi) October 25, 2023

ANHTUD launched a stack-basically based totally buffer overflow assault towards the Canon imageCLASS MF753Cdw. $10k and 2 Grasp of Pwn factors are awarded to them.

This week, the contestants bear received awards totaling $801,250. The aggressive contest’s paunchy schedule could very well be viewed here. Here’s a checklist of the Day 2 results for the Pwn2Own Toronto 2023.

TP-Link, HP Printer, Samsung Galaxy S23 Hacked At Pwn2Own 2023 – Day Two

Highlights of Day 2

Hackers Exploit Roundcube Zero-day to Attack Government Email Servers

Hackers Hijack Facebook Business Accounts to Run Malicious Ads

Related Posts