Pwn2Own Toronto 2023 - Day One Results

October 24, 2023 | Dustin Childs

Welcome to Pwn2Own Toronto 2023! We’ll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Eastern (GMT -4:00).


FAILURE - Peter Geissler was unable to get his exploit of the Canon imageCLASS MF753Cdw working within the time allotted.

SUCCESS - Binary Factory was able to execute their stack-based buffer overlow attack against the Synology BC500. They earn $30,000 and 3 Master of Pwn points.

SUCCESS - Pentest Limited was able to execute their 2-bug chain against the My Cloud Pro Series PR4100 using a DoS and SSRF. They earn $40,000 and 4 Master of Pwn points.

SUCCESS - Team Viettel was able to execute a single-bug attack against the Xiaomi 13 Pro. They earn $40,000 and 4 Master of Pwn points.

SUCCESS - Nguyen Quoc Viet was able to execute a buffer overflow attack against the Canon imageCLASS MF753Cdw. He earns $20,000 and 2 Master of Pwn points.

SUCCESS - Synacktiv was able to execute a 3-bug chain against the Synology BC500. They earn $15,000 and 3 Master of Pwn points.

SUCCESS - Team Orca of Sea Security was able to execute a 2-bug chain using an OOB Read and UAF against the Sonos Era 100. They earn $60,000 and 6 Master of Pwn points.

SUCCESS - Team ECQ was able to execute a 3-bug chain using an SSRF and two injection vulnerabilities against the QNAP TS-464. They earn $40,000 and 4 Master of Pwn points.

BUG COLLISION - Compass Security was able to execute their stack overflow attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points.

SUCCESS - "Ben" was able to execute a stack-based buffer overflow against the Canon imageCLASS MF753Cdw. He earns $10,000 and 2 Master of Pwn points.

SUCCESS - Pentest Limited was able to execute an Improper Input Validation against the Samsung Galaxy S23. They earn $50,000 and 5 Master of Pwn points.

SUCCESS - Team Viettel was able to execute a 2-bug chain against the QNAP TS-464. They earn $20,000 and 4 Master of Pwn points.

SUCCESS - Team PHPHooligans were able to execute a memory corruption bug leading to RCE against the Lexmark CX331adwe. They earn $20,000 and 2 Master of Pwn points.

SUCCESS - STAR Labs SG was able to execute a 2-bug chain including directory traversal and command injection against the QNAP TS-464. They earn $20,000 and 4 Master of Pwn points.

FAILURE - Interrupt Labs was unable to get their exploit of the Lexmark CX331adwe working within the time allotted.

SUCCESS - NCC Group was able to execute their attack against the Xiaomi 13 Pro. They earn $20,000 and 4 Master of Pwn points.

SUCCESS - Team Viettel was able to execute a stack-based buffer overflow attack against the Canon imageCLASS MF753Cdw. They earn $10,000 and 2 Master of Pwn points.

SUCCESS STAR Labs SG was able to exploit a permissive list of allowed inputs against the Samsung Galaxy S23. They earn $25,000 and 5 Master of Pwn points.

BUG COLLISION - Thales was able to execute their attack against the QNAP TS-464. However, the exploit they used was previously known. They still earn $12,500 and 2.5 Master of Pwn points.

BUG COLLISION - R-sec was able to execute their stack buffer overflow attack against the Canon imageCLASS MF753Cdw. However, the exploit they used was previously known. They still earn $2,500 and 0.5 Master of Pwn points.


That’s a wrap for Day 1 of Pwn2Own Toronto 2023 – we’ve already awarded over $400,000 in prizes! We’ll be back tomorrow with another full day of attempts, so follow along on Twitter, YouTube, Mastodon, LinkedIn, and Instagram.