Pwn2Own is a competition where contestants have to compromise up-to-date targets in their default configuration. This event is reputedly hard, but recent editions started including categories dedicated to best-selling consumer electronics like routers, NAS, and printers. These very attractive targets brought many new researchers, making the latest Pwn2Own the biggest edition to date.
In this presentation, we share our humble journey as participants in Pwn2Own Toronto 2022, from the attack surfaces we identified to the technical details of WAN-side vulnerabilities on two routers, the Synology RT660ax and the NETGEAR AX2400.
It wouldn't be a true Pwn2Own talk without all the drama: be ready for lame bugs, collisions, and last-minute updates!