Pwn2Own Ireland Day One - The Results
October 22, 2024 | Dustin ChildsWelcome to the first day of Pwn2Own Ireland 2024! We have four tremendous days of research planned, including multiple SOHO attempts. We’ll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Irish Standard Time (GMT +1:00).
SUCCESS - phudq and namnp from Viettel Cyber Security (@vcslab) used a stack-based buffer overflow and an untrusted pointer deref to exploit the Lorex 2K WiFi camera. They earn $30,000 and 3 Master of Pwn points.
FAILURE - Unfortunately, Can Acar (@canacar_t) was unable to get his exploit of the Synology TC500 camera working within the time allotted.
SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) used a total of 9(!) different bugs to go from the QNAP QHora-322 through to the TrueNAS Mini X. His effort earns him $100,000 and 10 Master of Pwn points.
SUCCESS - Jack Dates of RET2 Systems (@ret2systems) used a single Out-of-Bounds (OOB) write to exploit the Sonos Era 300 speaker. He earns himself $60,000 and 6 Master of Pwn points.
SUCCESS - Team Neodyme (@Neodyme ) used a stack-based buffer overflow to exploit the HP Color LaserJet Pro MFP 3301fdw printer. The earn $20,000 and 2 Master of Pwn points.
FAILURE - Unfortunately, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) could not get his exploit of the QNAP TS-464 working within the time allotted.
SUCCESS - PHP Hooligans / Midnight Blue (@midnightbluelab) used a single bug to exploit the Canon imageCLASS MF656Cdw printer. They earn themselves $20,000 and 2 Master of Pwn points.
COLLISION - The @Synacktiv team exploited the Lorex camera with two bugs, but one had previously been used in the contest. They still earn $11,250 and 2.25 Master of Pwn points.
