Blog

Pwn2Own Toronto 2023 - Day Three Results

October 26, 2023
Dustin Childs

Welcome to Day 3 of Pwn2Own Toronto 2023! We’ll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Eastern (GMT -4:00).

FAILURE - The DEVCORE Intern was unable to get their exploit of the Canon imageCLASS MF753Cdw working within the time allotted.

BUG COLLISION - Interrupt Labs was able to execute an RCE attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points.

FAILURE - Team Orca of Sea Security was unable to get their exploit of the Xiamoi 13 Pro working within the time allotted.

WITHDRAWAL - ToChim withdrew their attempt to target the Xiaomi 13 Pro.

BUG COLLISION - Claroty was able to execute a 4-bug chain against the TP-Link Omada Gigabit Router and Synology BC500 for the SOHO Smashup. However, one of the bugs they used was previously known. They still earn $40,750 and 8.25 Master of Pwn points.

SUCCESS - STEALIEN executed a stack-based buffer overflow attack against the Wyze Cam v3 resulting in a root shell. They earn $15,000 and 3 Master of Pwn Points.

SUCCESS - Rafal Goryl used a 2-bug chain to exploit the Wyze Cam v3 and gain a root shell. He earns $15,000 and 3 Master of Pwn Points.

BUG COLLISION - Team Orca of Sea Security was able to execute their attack against the Samsung Galaxy S23. However, the bug they used was previously known. They still earn $6,250 and 1.25 Master of Pwn points.

SUCCESS - Team Viettel was able to execute a stack-based buffer overflow attack leading to RCE against the Lexmark CX331adwe. They earn $10,000 and 2 Master of Pwn points.

FAILURE - Interrupt Labs was unable to get their exploit of the Xiaomi 13 Pro working within the time allotted.

SUCCESS - Synacktiv was able to execute a heap-based buffer overflow in the kernel triggered via WiFi and leading to RCE against the Wyze Cam v3. They earn $15,000 and 3 Master of Pwn points.

WITHDRAWAL - ANHTUD withdrew their attempt to target the Xiaomi 13 Pro.

BUG COLLISION - Sina Kheirkhah was able to exploit a stack-based buffer overflow and a missing authentication for critical function against the TP-Link Omada Gigabit Router and the Lexmark CX331adwe for the SOHO Smashup. However, one of the bugs he used was previously known. He still earns $31,250 and 6.25 Master of Pwn points.

That’s a wrap for Day 3 of Pwn2Own Toronto 2023 – total prize payout is now $938,250! We’ll be back tomorrow with our last few attempts to see if we can break $1 million in prizes. Follow along on Twitter, YouTube, Mastodon, LinkedIn, and Instagram.

Hero Background

Stand at the front line of proactive security

Trend ZDI connects the experts who discover, remediate, and defend.
Add your voice to the work that pushes attackers back.