Pwn2Own 2023 eddig elesett: Synology BC500, My Cloud Pro Series PR4100, Xiaomi 13 Pro, Samsung Galaxy S23 ...

... QNAP TS-464, Canon imageCLASS MF753Cdw, Lexmark CX-331 ...

Teljes fordulatszámon pörög a Zero Day Initiative (ZDI) népszerű, biztonsági szakemberek számára szervezett "törjünk fel mindent, amit csak tudunk komoly pénzdíjakért és dicsőségpontokért" vetélkedője, a Pwn2Own. Összefoglaló az első napról ☝‍️

Success! Team PHPHooligans were able to execute a memory corruption bug leading to RCE against the Lexmark CX-331. They earn $20,000 and 2 Master of Pwn points. #Pwn2Own pic.twitter.com/pUY8CRAWV0
— Zero Day Initiative (@thezdi) October 24, 2023

Success! Pentest Limited was able to execute an Improper Input Validation against the Samsung Galaxy S23. They earn $50,000 and 5 Master of Pwn points. #Pwn2Own pic.twitter.com/VaLc1mnhiH
— Zero Day Initiative (@thezdi) October 24, 2023

Success! Team ECQ was able to execute a 3-bug chain using an SSRF and two injection vulnerabilities against the QNAP TS-464. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own pic.twitter.com/pXzymqJPxn
— Zero Day Initiative (@thezdi) October 24, 2023

Success! Team Orca of Sea Security was able to execute a 2-bug chain using an OOB Read and UAF against the Sonos Era 100. They earn $60,000 and 6 Master of Pwn points. #Pwn2Own pic.twitter.com/3VPhvU7f2H
— Zero Day Initiative (@thezdi) October 24, 2023

Success! Nguyen Quoc Viet was able to execute a buffer overflow attack against the Canon imageCLASS MF753Cdw. He earns $20,000 and 2 Master of Pwn points. #Pwn2Own pic.twitter.com/ypMZa0au3Z
— Zero Day Initiative (@thezdi) October 24, 2023

Success! Team Viettel (@hoangnx99, @vudq16, @biennd279, @_q5ca from @vcslab) were able to execute a single-bug attack against the Xiaomi 13 Pro. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own pic.twitter.com/DNKpLltBAp
— Zero Day Initiative (@thezdi) October 24, 2023

Success! Pentest Limited was able to execute their 2-bug chain against the My Cloud Pro Series PR4100 using a DoS and SSRF. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own pic.twitter.com/hXV76aLMis
— Zero Day Initiative (@thezdi) October 24, 2023

Success! Binary Factory was able to execute their stack-based buffer overflow attack against the Synology BC500. They earn $30,000 and 3 Master of Pwn points. #Pwn2Own pic.twitter.com/K3liFRFkeH
— Zero Day Initiative (@thezdi) October 24, 2023