Welcome to Day 3 of Pwn2Own Toronto 2023! We’ll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Eastern (GMT -4:00).
FAILURE – The DEVCORE Intern was unable to get their exploit of the Canon imageCLASS MF753Cdw working within the time allotted.
BUG COLLISION – Interrupt Labs was able to execute an RCE attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points.
FAILURE – Team Orca of Sea Security was unable to get their exploit of the Xiamoi 13 Pro working within the time allotted.
WITHDRAWAL – ToChim withdrew their attempt to target the Xiaomi 13 Pro.
BUG COLLISION – Claroty was able to execute a 4-bug chain against the TP-Link Omada Gigabit Router and Synology BC500 for the SOHO Smashup. However, one of the bugs they used was previously known. They still earn $40,750 and 8.25 Master of Pwn points.
SUCCESS – STEALIEN executed a stack-based buffer overflow attack against the Wyze Cam v3 resulting in a root shell. They earn $15,000 and 3 Master of Pwn Points.
SUCCESS – Rafal Goryl used a 2-bug chain to exploit the Wyze Cam v3 and gain a root shell. He earns $15,000 and 3 Master of Pwn Points.
BUG COLLISION – Team Orca of Sea Security was able to execute their attack against the Samsung Galaxy S23. However, the bug they used was previously known. They still earn $6,250 and 1.25 Master of Pwn points.
SUCCESS – Team Viettel was able to execute a stack-based buffer overflow attack leading to RCE against the Lexmark CX331adwe. They earn $10,000 and 2 Master of Pwn points.