Hackers have earned roughly $350,000 in rewards after demonstrating profitable exploits towards a wide range of units on the second day of the Zero Day Initiative’s Pwn2Own Toronto 2023 competitors.
Simply as on the primary day of the hacking contest, NAS units, printers, sensible audio system, and cell phones have been hacked on Wednesday, with profitable exploits additionally demonstrated towards routers.
The very best reward went to Chris Anastasio, who earned $100,000 for exploits focusing on a vulnerability within the P-Hyperlink Omada Gigabit router and one within the Lexmark CX331adwe printer, ZDI introduced.
On the second day of the competitors, a Devcore intern earned $50,000 for a stack buffer overflow problem within the TP-Hyperlink Omada Gigabit router and two flaws within the QNAP TS-464 NAS machine.
Workforce Orca of Sea Safety additionally earned $50,000 on Wednesday, for a bug within the Synology RT6600ax router and a three-bug chain towards the QNAP TS-464 NAS machine.
Rewards of $30,000 have been handed out for a command injection within the Wyze Cam v3 security digital camera and an out-of-bounds write problem within the Sonos Period 100 sensible speaker.
ZDI additionally introduced excessive rewards for an improper enter validation bug and a permissive checklist of allowed inputs flaw in Samsung Galaxy S23 ($25,000), a stack-based buffer overflow problem within the HP Shade LaserJet Professional MFP 4301fdw ($20,000), and a stack-based buffer overflow vulnerability within the Canon imageCLASS MF753Cdw printer ($10,000).
Moreover, a number of low-tier rewards have been handed out for exploits focusing on identified vulnerabilities in QNAP TS-464, Wyze Cam v3, Synology BC500, and Canon imageCLASS MF753Cdw.
General, ZDI says, taking part hackers have earned greater than $800,000 in rewards on the primary two days of the competitors, which is about to conclude on Friday.