Pwn2Own: IoT Inspector Research Lab uncovers vulnerabilities in Cisco router

At this year’s Pwn2Own competition, our team from the IoT Inspector Research Lab successfully identified three previously unknown vulnerabilities in the Cisco RV340 router, thereby gaining control over the device (remote code execution via authorization bypass and command injection).  

By exploiting these vulnerabilities, attackers could gain access to corporate networks and spy on sensitive data, for example. This popular business router is used by thousands of companies all over the world. 

All details will be published after the standardized 90-day disclosure period, during which the manufacturer has the opportunity to fix the vulnerabilities. 

Big up to the IoT Inspector Research Lab for their great success! 

Internationally renowned competition 

Pwn2Own is one of the most renowned hacker competitions in the world. It is organized by the Zero Day Initiative and has been held bi-annually since 2007.  

Participants are invited to uncover new vulnerabilities in common software and wireless devices. For this year’s event, 22 participants submitted 58 hacks – more than ever before. Many manufacturers cooperate with the renowned hack event and voluntarily put their devices up for attacks to improve the security of their products. 

Picture Credit: zerodayinitiative.com

About ONEKEY

ONEKEY (formerly IoT Inspector) is the leading European platform for automated security & compliance analysis for industrial (IIoT & ICS), manufacturing (OT) and Internet of Things (IoT) devices. Using automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically remedied. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors, and users of IoT technology to check security and compliance quickly and automatically before use and 24/7 throughout the product lifecycle. Leading companies such as SWISSCOM, VERBUND AG and ZYXEL are using this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.

CONTACT:

Sara Fortmann

Marketing Manager

sara.fortmann@onekey.com

 

euromarcom public relations GmbH

+49 611 973 150

team@euromarcom.de

Share on facebook
Share on twitter
Share on pinterest
Share on linkedin
Share on xing
Share on email