Pwn2Own Toronto 2022 - Day Two Results
2022-12-7 23:49:34 Author: www.thezdi.com(查看原文) 阅读量:33 收藏

Welcome back to Pwn2Own Toronto! Yesterday, we awarded $400,000 for 26 unique 0-days. We saw the Samsung Galaxy exploited twice and two successful demonstrations in the SOHO Smashup category. Today’s event’s look to be just as exciting. We’ll be updating this blog with results throughout the day.

Results current as of 1100. All times Eastern (GMT-5). All denominations are in USD.

SUCCESS - for the first attempt of Day 2, ANHTUD Information Security Department was able to execute exploits against 2 bugs (one being a stack-based buffler overflow) on a HP Color LaserJet Pro M479fdw in the Printer category. They earn $10K and 2 Master of Pwn points.

We are not camera shy here at Pwn2Own!

BUG COLLISION - PHPHooligans was able to execute 2 exploits against the WAN interface of the NETGEAR RAX30 AX2400 in the Router category. However, the exploits they used were previously used in the competition. They still earn $10K and 1 Master of Pwn points.

SUCCESS and BUG COLLISION - Bugscale was able to succesfully launch an attack against the Synology router and HP Printer in today's first SOHO SMASHUP challenge using one unique bug and another previously known bug. They earn $37,500 and 7.5 Master of Pwn points.

SUCCESS - Toan Pham and Tri Dang from Qrious Secure were able to execute an attack using 2 bugs against the Sonos One Speaker in the Smart Speaker category. They earn $60K and 6 Master of Pwn points.

SUCCESS - Team Viettel was able to execute their Command Injection, Root Shell attack against the LAN interface of the TP-Link AX1800 in the Router category. They earn $5K and 1 Master of Pwn points.

Team Viettel (@rskvp93, @_q5ca, @hoangnx99 from @vcslab)


文章来源: https://www.thezdi.com/blog/2022/12/7/pwn2own-toronto-2022-day-two-results
如有侵权请联系:admin#unsafe.sh