October 23, 2024 By Bill Toulas
On the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities across a range of devices, earning a total of $486,250 in cash prizes.
Viettel Cyber Security took an early lead getting 13 points in their chase for the "Master of Pwn" title. The team's phudq and namnp exploited a Lorex 2K WiFi camera through a stack-based buffer overflow vulnerability and got $30,000 and 3 points.
Sina Kheirkhah from Summoning Team stole the show with a chain of nine vulnerabilities to go from QNAP QHora-322 router to TrueNAS Mini X device, which brought a $100,000 payout and 10 Master of Pwn points.
RET2 Systems' Jack Dates followed with a successful out-of-bounds (OOB) write exploit on the Sonos Era 300 smart speaker, securing $60,000 and 6 points. His exploit allowed full control over the device.
A second Viettel Cyber Security attempt combined four new bugs to pivot from the QNAP QHora-322 router to the TrueNAS Mini X, earning them another $50,000 and 10 points.
Other notable attempts from Pwn2Own day one include: