Pwn2Own Toronto 2022 - Day Three Results
December 08, 2022 | Dustin ChildsWelcome back to Pwn2Own Toronto! Yesterday, we awarded another $281,500 for 17 unique bugs across multiple categories. That brings our two-day total to $681,250 awarded for 46 unique 0-days. Today’s highlights include more attempts at the Samsung Galaxy, entries in the SOHO Smashup category, and more smart speaker. We’ll be updating this blog with results throughout the day.
Results current as of 21:00. All times Eastern (GMT-5). All denominations are in USD.
SUCCESS - On the first success of Day 3, Team Viettel was able to execute their OS Command Injection attack against the WD My Cloud Pro Series PR4100 in the NAS category. They earn $20K and 4 Master of Pwn points.
BUG COLLISION - STAR Labs was able to execute their SOHO SMASHUP attack on the 3rd and final try against the Synology router and the Canon printer. However, the exploits they used were seen previously in the competition. They still earn $25K and 5 Master of Pwn points.
SUCCESS - newcomer Chi Tran of Bun Bo Ong Chi was able to execute their stack based buffer overflow attack against the Canon imageCLASS MF743Cdw in the Printer category. They earn $10K and 2 Master of Pwn points.
SUCCESS and BUG COLLISION - DEVCORE builds on their total with a partial win (1 unique + 1 known bug) to execute their stack-based buffer overflow + OOB Read attack against the Sonos One Speaker in the Smart Speaker category. They earn $22.5K and another 4.5 Master of Pwn points.
FAILURE - Qrious Secure was unable to get their exploit of the Samsung Galaxy S22 in the Mobile Phone category working within the time allotted.
SUCCESS and BUG COLLISION - Team Viettel launches a successful attack with 1 unique + 1 known bug against the Cisco router and the Canon printer in the SOHO SMASHUP category. They earn $37.5K and another 7.5 Master of Pwn points.
SUCCESS - Pentest Limited was able to execute a 3-bug attack (OS command injection, SSRF & uncontrolled resource consumption) against the WD My Cloud Pro Series PR4100 in the NAS category. They earn $20K (round 3) and 4 Master of Pwn points.
BUG COLLISION - Peter Geissler (@bl4sty) was able to execute their successful attack against the Canon imageCLASS MF743Cdw in the Printer category. However, the exploit they used was already used in the contest. While earning $5K and 1 Master of Pwn points, Peter definitely wins major style points for one of the COOLEST hacks so far in the competition.
SUCCESS and BUG COLLISION - Qrious Secure launches a successful attack with 2 unique + 1 N-day bug against the WAN interface of the NETGEAR RAX30 AX2400 in the Router category. They earn $8.5K and another 1.75 Master of Pwn points.
FAILURE - Neodyme was unable to get their exploit of the WAN interface of the NETGEAR RAX30 AX2400 in the Router category working within the time allotted.
SUCCESS - Pentest Limited was able to execute their Improper Input Validation as the last Samsung Galaxy S22 attack in the Mobile Phone category. They earn $25K and 5 Master of Pwn points.
SUCCESS - R-SEC just upped the cool points and was able to not just execute their Stack-based Buffer Overflow attack against the Canon imageCLASS MF743Cdw in the Printer category, but they actually Rick-rolled the printer! They earn $10K and 2 Master of Pwn points.
SUCCESS - NCC Group EDG was able to execute a 2 exploit (command injection, type confusion) attack against the Ubiquiti and the Lexmark printer in the SOHO SMASHUP category. They earn $50K and 10 Master of Pwn points.
SUCCESS - for our nightcap, Claroty Research was able to execute a whopping FIVE bug attack against the WD My Cloud Pro Series PR4100 in the NAS category. They earn $20K and 4 Master of Pwn points.