Pwn2Own: IoT Inspector Research Lab uncovers vulnerabilities in Cisco router

At this year’s Pwn2Own competition, our team from the IoT Inspector Research Lab successfully identified three previously unknown vulnerabilities in the Cisco RV340 router, thereby gaining control over the device (remote code execution via authorization bypass and command injection).  

By exploiting these vulnerabilities, attackers could gain access to corporate networks and spy on sensitive data, for example. This popular business router is used by thousands of companies all over the world. 

All details will be published after the standardized 90-day disclosure period, during which the manufacturer has the opportunity to fix the vulnerabilities. 

Big up to the IoT Inspector Research Lab for their great success! 

Internationally renowned competition 

Pwn2Own is one of the most renowned hacker competitions in the world. It is organized by the Zero Day Initiative and has been held bi-annually since 2007.  

Participants are invited to uncover new vulnerabilities in common software and wireless devices. For this year’s event, 22 participants submitted 58 hacks – more than ever before. Many manufacturers cooperate with the renowned hack event and voluntarily put their devices up for attacks to improve the security of their products. 

Picture Credit:


ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150