In preparation for the Pwn2Own Toronto 2022 hacking contest organized by the Zero Day Initiative, Rocco Calvi (@TecR0c) from TecSecurity dedicated his efforts to uncovering remote code execution vulnerabilities and crafting the corresponding exploits. Pwn2Own is a prestigious competition that rewards security researchers who demonstrate these skills against various targets. Discovered vulnerabilities are then shared with the appropriate vendors to enhance security.

Regrettably, we could not participate in the Pwn2Own competition due to the requirement for a physical flash drive to be connected to the target device. Nonetheless, we made a valuable contribution to the event by coordinating the disclosure of a vulnerability we discovered in a router’s secure sharing feature with the vendor. This feature, based on the DLNA standard, enables users to share media such as music, photos, and videos across a home network using the MiniDLNA service (formerly known as ReadyMedia).