October 26, 2023 at 12:57PM
Hackers at the Pwn2Own Toronto 2023 competition earned a total of $350,000 in rewards on the second day. Devices such as NAS devices, printers, smart speakers, mobile phones, and routers were successfully exploited. The highest reward of $100,000 went to Chris Anastasio for vulnerabilities in the P-Link Omada Gigabit router and Lexmark CX331adwe printer. The overall rewards earned by hackers in the first two days of the competition exceeded $800,000.
During the second day of the Zero Day Initiative’s Pwn2Own Toronto 2023 competition, hackers earned approximately $350,000 in rewards by successfully exploiting various devices. Similar to the first day, NAS devices, printers, smart speakers, mobile phones, and routers were hacked. The highest reward of $100,000 went to Chris Anastasio for exploiting vulnerabilities in the P-Link Omada Gigabit router and the Lexmark CX331adwe printer. A Devcore intern earned $50,000 for discovering a stack buffer overflow issue in the TP-Link Omada Gigabit router and two flaws in the QNAP TS-464 NAS device. Team Orca of Sea Security also received $50,000 for identifying a bug in the Synology RT6600ax router and a three-bug chain in the QNAP TS-464 NAS device. Rewards of $30,000 were given for a command injection in the Wyze Cam v3 security camera and an out-of-bounds write issue in the Sonos Era 100 smart speaker. ZDI also announced significant rewards for various vulnerabilities in the Samsung Galaxy S23, HP Color LaserJet Pro MFP 4301fdw, and Canon imageCLASS MF753Cdw printer, ranging from $25,000 to $10,000. Low-tier rewards were distributed for exploits targeting known vulnerabilities in QNAP TS-464, Wyze Cam v3, Synology BC500, and Canon imageCLASS MF753Cdw. In total, hackers have earned over $800,000 in rewards during the first two days of the competition, which will end on Friday.