58 New Vulnerabilities Exploited at PWN2WN Competition in Toronto

In a recent cybersecurity competition, a total of 58 previously unknown vulnerabilities, also known as zero-day vulnerabilities, were demonstrated in various devices including mobile devices, printers, smart collections systems, smart columns storage, and routers. These vulnerabilities were demonstrated using the latest firmware and operating systems with all available updates in their default configurations.

The competition offered a total remuneration of over 1 million US dollars ($1,038,500) for successful exploitation of these vulnerabilities. Team Viettel emerged as the most successful team, earning 180 thousand US dollars. Team Orca secured the second place with a payout of 116.250 thousand dollars, followed by Devcore with a payout of 50 thousand dollars.




During the competition, multiple attacks were demonstrated which led to remote code execution in various devices. These devices include the TP-Link Omada Gigabit Router (with additional hacks involving the Lexmark CX331ADWE printer, Qnap TS-464 network vault, Synology BC500 chamber, and Printer Canon ImageClass MF753CDW) with payouts ranging from $31,250 to $100,000. Additionally, a vulnerability was also demonstrated in the Synology RT6600AX router, with a payout of $50,000 when exploited alongside the network storage of Qnap TS-464.

/Reports, release notes, official announcements.