infi021
IoT Security Specialist
The results of the four-day Pwn2Own Ireland 2024 competition have been announced: 38 successful attacks using previously unknown (0-day) vulnerabilities in mobile devices, printers, smart speakers, storage systems and IP cameras. The attacks were carried out against the latest firmware and operating systems with all available updates installed and in default configurations. The total amount of rewards paid out was $993,625.
Attacks carried out:
• Samsung Galaxy S24 smartphone. One reward of $50,000 for an exploit chaining 5 vulnerabilities, including a path traversal (escaping the base file path).
• QNAP TS-464 NAS. Four successful hacks exploiting cryptographic keys left in the firmware, incorrect certificate validation, SQL injection, command injection and newline (CRLF) injection. Participants were paid one prize of $40,000, one of $10,000 and two of $20,000.
• QNAP QHora-322 router. Six successful hacks exploiting SQL injection, missing authentication, command injection and path traversal. Participants were paid prizes of $100,000, $50,000, $41,750 and $23,000, and two prizes of $25,000.
• TrueNAS Mini X NAS. One hack with a prize of $20,000.
• Synology BeeStation BST150-4T NAS. Four successful hacks using command injection, authentication bypass and SQL injection vulnerabilities. Participants received one $40,000, one $20,000 and two $10,000 rewards.
• Synology DiskStation DS1823xs+ NAS. Four successful hacks using improper argument handling, out-of-bounds write and certificate validation vulnerabilities. Participants received one $40,000 and two $20,000 rewards.
• Lexmark CX331adwe printer. One hack with a $20,000 reward exploiting a type confusion vulnerability.
• HP Color LaserJet Pro MFP 3301fdw printer. Two successful hacks using stack overflow and type confusion vulnerabilities. Two bounties were paid: $20,000 and $10,000.
• Canon imageCLASS MF656Cdw printer. Three successful hacks using stack overflow vulnerabilities. Bounties paid: $20,000, $10,000 and $5,000.
• Lorex 2K WiFi security camera. Five successful hacks using buffer overflow and pointer dereference vulnerabilities. Bounties paid: $30,000, $15,000 and three of $3,750.
• Synology TC500 security camera. One hack with a $30,000 bounty exploiting a buffer overflow vulnerability.
• Ubiquiti AI Bullet security camera. Three successful hacks. Bounties paid: $30,000, $15,000 and $3,750.
• Sonos Era 300 smart speaker. Three successful hacks exploiting buffer overflow and use-after-free vulnerabilities. One $60,000 bounty and two $30,000 bounties were paid.
• AeoTec Smart Home Hub smart home management platform. One hack with a $40,000 bounty exploiting improper cryptographic signature verification.
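The NAS and router entries above are dominated by four web-application bug classes: path traversal, SQL injection, command injection and newline (CRLF) injection. The following is an added example, not code from ZDI or from any vendor named in the results, showing a toy handler for each class in its vulnerable form next to a hardened form. Every name, path, table and input in it is hypothetical and constructed for the illustration; nothing is taken from the competition entries, whose details are still under embargo.

```python
"""
Added example, not code from ZDI or from any vendor named in the results above.
Four toy handlers of the kind found in NAS web management interfaces, each in
a vulnerable form and a hardened form: path traversal, SQL injection, command
injection and newline (CRLF) injection. Every name, path and input here is
hypothetical and constructed for the illustration.
"""
import os
import re
import sqlite3
from pathlib import Path
from typing import List, Optional

SHARE_ROOT = "/tmp/nas_share_example"  # hypothetical share root, need not exist


# 1. Path traversal ("going beyond the base file path")
def vulnerable_resolve(user_path: str) -> str:
    # Plain join: "../../etc/passwd" walks out of SHARE_ROOT.
    return os.path.join(SHARE_ROOT, user_path)


def hardened_resolve(user_path: str) -> Optional[str]:
    # Canonicalise first (collapses ".." and symlinks), then require that the
    # result is still inside the share root; anything else is rejected.
    root = Path(SHARE_ROOT).resolve()
    target = (root / user_path).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        return None
    return str(target)


# 2. SQL injection in a login check
def demo_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    con.execute("INSERT INTO users VALUES ('admin', 's3cret')")  # constructed row
    return con


def vulnerable_login(con: sqlite3.Connection, name: str, pw: str) -> bool:
    # String-built query: name = "admin' --" comments out the password test.
    q = f"SELECT 1 FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return con.execute(q).fetchone() is not None


def hardened_login(con: sqlite3.Connection, name: str, pw: str) -> bool:
    # Bound parameters: the input is data, never SQL.
    q = "SELECT 1 FROM users WHERE name = ? AND pw = ?"
    return con.execute(q, (name, pw)).fetchone() is not None


# 3. Command injection in a "ping" diagnostic
HOST_RE = re.compile(r"^(?!-)[A-Za-z0-9.-]{1,253}$")  # allow-list, not a blocklist


def vulnerable_ping_cmd(host: str) -> str:
    # Built for a shell (subprocess with shell=True): "; id" appends a command.
    return f"ping -c 1 {host}"


def hardened_ping_argv(host: str) -> Optional[List[str]]:
    # Validate against an allow-list and pass the value as one argv element;
    # run it with subprocess.run(argv) and no shell, so metacharacters are inert.
    if not HOST_RE.fullmatch(host):
        return None
    return ["ping", "-c", "1", host]


# 4. Newline (CRLF) injection into an HTTP response header
def vulnerable_header(name: str, value: str) -> str:
    # A value carrying "\r\n" splits the response and smuggles extra headers.
    return f"{name}: {value}\r\n"


def hardened_header(name: str, value: str) -> Optional[str]:
    # Reject control characters outright rather than trying to escape them.
    if any(c in value for c in "\r\n\0"):
        return None
    return f"{name}: {value}\r\n"


if __name__ == "__main__":
    con = demo_db()
    print(os.path.normpath(vulnerable_resolve("../../etc/passwd")))  # /etc/passwd
    print(hardened_resolve("../../etc/passwd"))                       # None
    print(vulnerable_login(con, "admin' --", "wrong"))                # True
    print(hardened_login(con, "admin' --", "wrong"))                  # False
    print(hardened_ping_argv("10.0.0.1; id"))                         # None
    print(vulnerable_header("Location", "/\r\nSet-Cookie: a=1").count("\r\n"))  # 2
```

The hardened forms share one pattern: canonicalise or parameterise first, then check against an allow-list, and reject rather than sanitise. That is the shape of fix vendors typically ship for this class of bug once the 90-day disclosure window closes.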
In addition to the successful attacks listed above, 16 attempts failed, in most cases because the team did not complete the attack within the time allotted. The failed attempts targeted the Ubiquiti AI Bullet, Synology TC500 and Lorex 2K cameras, the Lexmark CX331adwe and Canon imageCLASS MF656Cdw printers, the TrueNAS Mini X, Synology DiskStation DS1823xs+, Synology BeeStation BST150-4T and QNAP TS-464 storage devices, and the Sonos Era 300 smart speaker.
The exact vulnerable components have not yet been disclosed. Under the competition rules, details of all demonstrated 0-day vulnerabilities are published only after a 90-day window given to the manufacturers to prepare updates that fix them; until then, the vulnerability classes above are the only public information.
Source: www.zerodayinitiative.com