Pwn2Own Toronto 2022 - Day One Results

December 06, 2022 | Dustin Childs

Welcome to the first day of Pwn2Own Toronto for 2022. We’ll be updating this blog in real time as results become available. Even though we have an unprecedented number of entries this year, we are going to buy all additional rounds that have entered the competition. The first winner on each target will receive the full cash award and the devices under test. For the second and subsequent rounds on each target, all other winners will receive 50% of the prize package; however, they will still earn the full Master of Pwn points.

Results current as of 19:30 Eastern

SUCCESS - To start off the competition with a bang, Nettitude was able to execute their Stack-based Buffer Overflow attack against the Canon imageCLASS MF743Cdw in the Printer category. They earn $20K and 2 Master of Pwn points.

SUCCESS - Tri Dang and Bien Pham (@bienpnn) from Qrious Secure were able to execute a 2-bug attack (authentication bypass and command injection) against the WAN interface of the TP-Link AX1800 in the Router category. They earn $20K and 2 Master of Pwn points.

Qrious Secure targeting the WAN interface of TP-Link AX1800 in the Router category

SUCCESS - Horizon3 AI was able to execute their command injection attack against the Lexmark MC3224i in the Printer category, serenading the crowd with a little tune from a popular classic. They earn $20K and 2 Master of Pwn points.

Some soothing tunes from some famous plumbers!

SUCCESS - Gaurav Baruah was able to execute their command injection attack against the WAN interface of the Synology RT6600ax in the Router category, earning $20K cash and 2 Master of Pwn points.

Command injection attack against the WAN interface of a Synology RT6600ax.

SUCCESS - Interrupt Labs provided the first bit of drama for the day, but was able to execute their stack-based buffer overflow attack on the 3rd and final try against the HP Color LaserJet Pro M479fdw in the Printer category. They earn $20K and 2 Master of Pwn points.

SUCCESS - STAR Labs was able to execute their improper input validation attack on their 3rd try against the Samsung Galaxy S22. They earn $50K and 5 Master of Pwn points.

The team got a great video of the exploit attempt: https://www.youtube.com/watch?v=dQw4w9WgXcQ

Great taste in music!

WITHDRAWN - Unfortunately, Quarkslab, targeting the LAN interface of the NETGEAR RAX30 AX2400 in the Router category, had to withdraw their entry, resulting in a -0.5 point penalty against Master of Pwn. They have another entry later on, so best of luck to them then!

SUCCESS - Computest was able to execute their command injection root shell attack against the LAN interface of the Synology RT6600ax in the Router category. They earn $5K and 1 Master of Pwn point.

FAILURE - Unfortunately, PHPHooligans were unable to get the first ever SOHO SMASHUP exploit targeting the NETGEAR router and the Lexmark printer working within the time allotted.

SUCCESS - Chim was able to execute their improper input validation attack against the Samsung Galaxy S22. They earn $25K (round 2) and 5 Master of Pwn points.

Gotta love that calc!

SUCCESS - Interrupt Labs was able to execute a 2-bug attack (SQL injection and command injection) against the LAN interface of the NETGEAR RAX30 AX2400 in the Router category. They earn $5K and 1 Master of Pwn point.

FAILURE - Tenable was unable to get their exploit of the LAN interface of the TP-Link AX1800 in the Router category working within the time allotted.

SUCCESS - DEVCORE becomes the first team ever to successfully execute two different Stack-based buffer overflow attacks against a Mikrotik router and a Canon printer in the brand new SOHO SMASHUP category. They earn a cool $100K cash and 10 Master of Pwn points.

Pretty sure it’s obvious who Pwned this!

SUCCESS - Claroty Research was able to execute a chain of 3 bugs (2x Missing Auth for Critical Function and an Auth Bypass) in an attack against the Synology DiskStation DS920+ in the NAS category. They earn $40K and 4 Master of Pwn points.

WITHDRAWN - NCC Group EDG, targeting the LAN interface of the TP-Link AX1800 in the Router category, has withdrawn their entry, which unfortunately results in a -0.5 Master of Pwn point penalty.

SUCCESS - Team Viettel was able to execute 2 bugs (including a command injection) in an attack against the HP Color LaserJet Pro M479fdw in the Printer category. They earn $10K and 2 Master of Pwn points.

Pwning in style!

BUG COLLISION - ASU SEFCOM was able to execute their OOB Write attack against the Synology DiskStation DS920+ in the NAS category to gain code execution. However, one of the exploits they used was already publicly known. They still earn $10K and 2 Master of Pwn points.

A collision, but still good stuff!

SUCCESS - Claroty Research was able to execute 5 different bugs in an attack against the LAN interface of the NETGEAR RAX30 AX2400 in the Router category. They earn $2.5K and 1 Master of Pwn point.

BUG COLLISION - NCC Group EDG was able to execute their command injection attack against the LAN interface of the Synology RT6600ax in the Router category. However, the exploit they used was exploited earlier in the competition. They still earn $1250 and 0.5 Master of Pwn points.

SUCCESS - Neodyme became the 2nd team to triumph in the new SOHO SMASHUP category by executing an attack using 3 bugs against a NETGEAR router and an HP printer. They earn $50K and 10 Master of Pwn points.

BUG COLLISION - Tri Dang from Qrious Secure successfully exploited the LAN interface of the NETGEAR RAX30 AX2400 in the Router category but was ruled a COLLISION because of an earlier exploit. They still earn $1250 and 0.5 Master of Pwn points.

That wraps up the first day of Pwn2Own Toronto 2022! We awarded $400,000 for 26 unique bugs during the first day of the contest. We’ll continue posting results and videos to Twitter, YouTube, Mastodon, LinkedIn, and Instagram, so follow us on your favorite flavor of social media for the latest news from the event.