The next attempt will see Jeffxx, atdog, Lays, ddaa and TRAPA Security target the Western Digital My Cloud Pro. They start at 1200 Eastern (UTC-4). It's the 1st NAS entry in #Pwn2Own history! #P2OTokyo

Confirmed! The Jeffxx, atdog, L4ys, ddaa and TRAPA Security team combined an auth bypass and a command injection bug to get root on the Western Digital NAS. They win $20K and 2 point towards Master of Pwn.

Confirmed! The team of Jeffxx, atdog, L4ys, ddaa and TRAPA Security used a command injection bug to take over the #NETGEAR router and get root. They win $5,000 and 1 Master of Pwn point.

We have reported a critical Pre-Auth RCE in Zyxel VPN Firewall (CVE-2023-28771) The device can be exploited as soon as it connects to the internet, without any additional configuration. Patch your Zyxel devices as soon as possible. thehackernews.com/2023/04/zyxel-…

Demo video out for Zyxel VPN Pre-Auth RCE (CVE-2023-28771) No extra config or web access needed, exploitable via WAN. More details will be released, patch your device ASAP. youtu.be/R68QJIRSwU0

Zyxel fixed two Pre-Auth RCEs (CVE-2023-33009, CVE-2023-33010) reported by our research team. Like CVE-2023-28771, both vulnerabilities are exploitable from the WAN side. Update your Zyxel Firewall ASAP. also kudos to starlabs zyxel.com/global/en/supp…

Zyxel fixed multiple vulnerabilities reported by our research team on February 20th, including CVE-2023-6764, a WAN side Pre-Auth RCE in the IPSec VPN service. Update your Zyxel Firewall and AP ASAP. zyxel.com/global/en/supp…