Pwn2Own Toronto 2022 - Day Two Results
December 07, 2022 | Dustin Childs

Welcome back to Pwn2Own Toronto! Yesterday, we awarded $400,000 for 26 unique 0-days. We saw the Samsung Galaxy exploited twice and two successful demonstrations in the SOHO Smashup category. Today’s events look to be just as exciting. We’ll be updating this blog with results throughout the day.
Results current as of 21:15. All times Eastern (GMT-5). All denominations are in USD.
SUCCESS - for the first attempt of Day 2, ANHTUD Information Security Department was able to execute exploits against 2 bugs (one being a stack-based buffer overflow) on an HP Color LaserJet Pro M479fdw in the Printer category. They earn $10K and 2 Master of Pwn points.
BUG COLLISION - PHPHooligans was able to execute 2 exploits against the WAN interface of the NETGEAR RAX30 AX2400 in the Router category. However, the exploits they used were previously used in the competition. They still earn $10K and 1 Master of Pwn point.
SUCCESS and BUG COLLISION - Bugscale was able to successfully launch an attack against the Synology router and HP Printer in today's first SOHO SMASHUP challenge using one unique bug and another previously known bug. They earn $37,500 and 7.5 Master of Pwn points.
SUCCESS - Toan Pham and Tri Dang from Qrious Secure were able to execute an attack using 2 bugs against the Sonos One Speaker in the Smart Speaker category. They earn $60K and 6 Master of Pwn points.
SUCCESS - Team Viettel was able to execute their Command Injection, Root Shell attack against the LAN interface of the TP-Link AX1800 in the Router category. They earn $5K and 1 Master of Pwn point.
SUCCESS - Le Tran Hai Tung was able to execute an OOB Write attack against the Canon imageCLASS MF743Cdw in the Printer category. They earn $10K and 2 Master of Pwn points.
SUCCESS - Synacktiv was able to execute their command injection attack against the Lexmark MC3224i in the Printer category. They earn $10K and 2 Master of Pwn points.
SUCCESS and BUG COLLISION - STAR Labs was able to successfully launch an attack against the Sonos One Speaker in the Smart Speaker category using one unique bug and another previously known bug. They earn $22,500 and 4.5 Master of Pwn points.
BUG COLLISION - Summoning Team was able to execute their command injection attack against the LAN interface of the Synology RT6600ax in the Router category. However, the exploit they used was already used earlier in the competition. They still earn $1250 and 0.5 Master of Pwn points.
SUCCESS and BUG COLLISION - NCC Group EDG was able to successfully launch an attack against the WAN interface of the NETGEAR RAX30 AX2400 in the Router category using one unique bug and another N-day. They earn $7.5K and 1.5 Master of Pwn points.
SUCCESS - Team Viettel was able to execute their stack-based buffer overflow attack against the Canon imageCLASS MF743Cdw in the Printers category. They earn $10K and 2 Master of Pwn points.
SUCCESS - NCC Group EDG was able to execute their command injection attack against the Lexmark MC3224i in the Printer category. They earn $10K and 2 Master of Pwn points.
FAILURE - Qrious Secure was unable to get their complete exploit of the NETGEAR router and the Western Digital NAS in the SOHO SMASHUP category working within the time allotted.
BUG COLLISION - DEVCORE was able to execute their Stack Based Buffer Overflow attack against the HP Color LaserJet Pro M479fdw in the Printer category. However, the exploit they used was already used earlier. They still earn $5K and 1 Master of Pwn point.
WITHDRAWN - Ledger Donjon unfortunately withdrew their attempt to attack the WAN interface of the TP-Link AX1800 in the Router category. This results in a -1 Master of Pwn point penalty.
SUCCESS - DEVCORE was able to execute their heap-based buffer overflow attack against the Canon imageCLASS MF743Cdw in the Printer category. They earn $10K and 2 Master of Pwn points.
SUCCESS - Luca MORO (@johncool__) was able to execute their Classic Buffer Overflow attack against the WD My Cloud Pro Series PR4100 in the NAS category. They earn $40K and 4 Master of Pwn points.
SUCCESS - Interrupt Labs was able to execute their improper input validation attack against the Samsung Galaxy S22 in the Mobile Phone category. They earn $25K and 5 Master of Pwn points.
FAILURE - Bugscale was unable to get their exploit of the WAN interface of the NETGEAR RAX30 AX2400 in the Router category working within the time allotted.
SUCCESS and BUG COLLISION - for the final attempt of the night, Aleksei Stafeev was able to successfully launch an attack against the Lexmark MC3224i in the Printer category using one unique command injection and another bug that was found earlier in the competition. They earn $7.5K and 1.5 Master of Pwn points.