Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023

Hackers have earned roughly $350,000 in rewards after demonstrating successful exploits against a variety of devices on the second day of the Zero Day Initiative’s Pwn2Own Toronto 2023 competition.

On Wednesday, NAS devices were hacked, as well as printers, smart speaker, mobile phones, and printers. Routers were also successfully exploited, just like on the first hacking day.

ZDI announced that Chris Anastasio earned the top reward of $100,000. He was rewarded for exploiting a vulnerability found in the PLink Omada Gigabit wireless router, and another in the Lexmark CX331adwe laser printer.

A Devcore intern won $50,000 on the second day for a stack overflow in the TP Link Omada Gigabit Router and two flaws found in the QNAP TS-464 NAS.

On Wednesday, Team Orca from Sea Security earned $50,000 for a vulnerability in the Synology RT6600ax Router and a bug chain against the QNAP TS-464 NAS Device.

The rewards were $30,000 for an issue with the Sonos Era smart speaker and a Wyze cam v3 security cameras.

ZDI has also announced high-rewards for a flaw that affects the Samsung Galaxy S23 (a improper input validation bug), an issue with the HP Color LaserJet Pro MFP (4301fdw) ($20,000), as well as a vulnerability with the Canon imageCLASS M753Cdw printer.

Multiple low-tier rewards have also been given out for exploits targeting vulnerabilities known in QNAP’s TS-464, Wyze Cam V3, Synology BC500 and Canon imageCLASS 753Cdw.

ZDI claims that the hackers who participated in the competition earned over $800,000 on the two first days of the contest, which will conclude on Friday.

Related: Hackers Earn $400k On First Day At Pwn2Own Toronto 2020

Related: New Pwn2Own Hacking Competition Offers $1 Million

Related: Hackers Earn $180,000 at Pwn2Own Miami for ICS Exploits