Pwn2Own Ireland 2024: Day Two Results
October 23, 2024 | Dustin ChildsWelcome back to Pwn2Own Ireland 2024! Yesterday, we awarded $516,250 for over 50 unique 0-day bugs. Today looks to be just as exciting with attempts on phones, cameras, printers, and smart speakers. We’ll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Irish Standard Time (GMT +1:00).
SUCCESS - Pham Tuan Son (@Little_timmy) and ExLuck (@ExLuck99) from ANHTUD used a single stack-based overflow to exploit the Canon imageCLASS MF656Cdw printer. Their second-round win earns them $10,000 and 2 Master of Pwn points.
SUCCESS - Ken Gannon (@yogehi) of NCC Group (@NCCGroupInfosec) used five different bugs, including a path traversal, to get a shell and install an app on the Samsung Galaxy S24. He earns $50,000 and 5 Master of Pwn points.
SUCCESS - dungdm (@_piers2) with Viettel Cyber Security (@vcslab) used a single Use-After-Free (UAF) bug to exploit the #Sonos Era 300. The second-round win earns him $30,000 and 6 Master of Pwn points.
COLLISION - The Tenable Group used a stack-based buffer overflow to exploit the Lorex 2K camera, but the bug had already been used in the contest. They still earn $3,750 and 1.5 Master of Pwn points.
FAILURE - The DEVCORE Research Team (@d3vc0r3) and nella17 (@nella17tw) working with DEVCORE Internship Program couldn't get their SOHO Smashup completed in time. They made it through the router but couldn't pop the printer.
FAILURE - Ryan Emmons (@the_emmons) and Stephen Fewer (@stephenfewer) of Rapid7 could not get their exploit og the Lorex 2K camera working within the time allotted.
SUCCESS - The InfoSect (@infosectcbr) group used a heap-based buffer overflow to take over the Sonos Era 300 speaker. Their second-round win earns them $30,000 and six Master of Pwn points.
SUCCESS - Chris Anastasio (@mufinnnnnnn) and Fabius Watson (@FabiusArtrel) of Team Cluck used two bugs (inclusing a CLRF injenction) in a beautiful chain to exploit the QNAP TS-464 NAS. The second round win earns them $20,000 and 4 Master of Pwn points.
FAILURE - Cody Gallagher and Charlie Waters could not get their exploit of the Sonos Era 300 working within the time allotted.
SUCCESS - PHP Hooligans / Midnight Blue (@midnightbluelab) used a command injection bug to get code execution on the Synology BeeStation BST150-4T. They earn $40,000 and four Master of Pwn points.
COLLISION - Corentin BAYET (@OnlyTheDuck) of @Reverse_Tactics used three bugs to go from the QNAP QHora-322 to the QNAP TS-464, but 1 had been previously seen in the contest. He still earns $41,750 and 8.5 Master of Pwn points.
FAILURE - Unfortunately, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) could not get his exploit of the TrueNAS Mini X working within the time allotted.
FAILURE - Sadly, the Neodyme (@Neodyme) team could not get their exploit of the Lexmark CX331adwe printer working within the time allotted.
SUCCESS - Chris Anastasio (@mufinnnnnnn) & Fabius Watson (@FabiusArtrel) of Team Cluck used an Improper Certificate Validation bug to exploit the Synology DiskStation. Their second round win earns them $20,000 and four Master of Pwn points.