topicnews · October 25, 2024

QNAP, Synology and Lexmark devices were hacked by Pwn2Own on day three

The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they uncovered 11 zero-day vulnerabilities, increasing the total prize pool by $124,750, which now stands at $874,875.

Pwn2Own, a global hacking competition, challenges top security researchers to exploit a range of software and hardware devices, with the ultimate goal of winning the prestigious title of “Master of Pwn” and up to $1 million in rewards.

On the first day, participants uncovered 52 zero-day vulnerabilities and on the second day another 51 zero-day vulnerabilities were discovered.

Yesterday, the competition featured impressive performances from teams representing Viettel Cyber Security, DEVCORE and PHP Hooligans/Midnight Blue, among others.

The day started with success for Ha The Long and Ha Anh Hoang from Viettel Cyber Security, who exploited the QNAP TS-464 NAS using a single command injection vulnerability. This successful attack earned them $10,000 and 4 Master of Pwn points.

Pumpkin Chang and Orange Tsai from the DEVCORE research team combined three exploits – a CRLF injection, an authentication bypass, and an SQL injection – to take control of the Synology BeeStation. Their complex exploit chain rewarded them with $20,000 and 4 points.

PHP Hooligans/Midnight Blue took advantage of an out-of-bounds write flaw and a memory corruption flaw to perform a “SOHO smashup.” They pivoted from the QNAP QHora-322 router to a Lexmark printer and ended up printing their own “banknotes,” earning the team $25,000 and 10 Master of Pwn points.

Invoice printed on hacked Lexmark device
Source: Zero Day Initiative

Later in the day, Viettel Cyber Security delivered another success by exploiting a type confusion vulnerability in the Lexmark CX331adwe printer, adding $20,000 to the tally and two more points.

Collisions and failed attempts

However, not all exploit attempts went smoothly: the third day saw numerous collisions, with multiple teams relying on the same vulnerabilities to compromise their targets.

STEALIEN Inc. successfully compromised a Lorex camera, but the flaw they used had already been demonstrated earlier in the contest, reducing their payout to $3,750 and awarding only 1.5 points.

Viettel Cyber Security also had a collision when they exploited a Canon printer using a stack-based buffer overflow that had been demonstrated previously. This earned them $5,000 and 1 point.

Viettel Cyber Security and ANHTUD both attempted to penetrate the Ubiquiti AI Bullet, but time ran out before either could complete their exploit within the allotted window.

With only 15 attempts remaining for Day 4, contestants have claimed most of the prize pool, but there is still over $125,000 worth of prizes up for grabs.

As the competition enters its final phase, Viettel Cyber Security is well ahead in the overall standings, with more than twice as many points as competitors DEVCORE, Neodyme, Summoning Team and Ret2 Systems have collected so far.

At the end of Day 3, the event uncovered 114 zero-day vulnerabilities, highlighting the critical role such competitions play in strengthening the security of consumer devices.