Hi,
Thank you everyone that participated, we had quite a few participants trying their skills at hacking various networking and IOT devices. Out of the 9 available devices, 2 were removed after they were completely owned, another one was removed because testing of it caused it to do a factory reset and become unreachable (no IP address). The two devices were ZyXEL Media Server, and D-Link DCS-5222L and the device that became unreachable was Tenvis IPROBOT 3 (TZ100).
The ZyXEL Media Server, which is running firmware V4.70(AFK.1) is currently listed as having no known vulnerabilities which are pre-authentication, but in Hack2Win it was compromised to the extent that root access was achieved to the box.
Likewise the D-Link DCS-5222L running firmware 2.03.01, is also currently lists no knownpre-authentication vulnerabilities. The camera feed was obtained without any user credentials, and the participant was able to move the camera physically, and caused it to emit annoying sounds.
Once the vulnerabilities are fixed by the vendors, we will publish full technical details for all of them.
The Tenvis IPROBOT 3 (TZ100) vulnerability that allows you to preform a factory reset is related to the web interface. It can be done remotely, and it is a pre-authentication. Unfortunately for the contest participant, the device was no longer accessible so the vulnerability could not be recreated, nor could be considered more than a denial of service – which does not eligible in our contest.
The participant mentioned that the vulnerability is an exploitable buffer overflow in the device (Tenvis IPROBOT 3), and it can be used to gain access to the device. I am sure that tomorrow, after I have a chance to reconfigure the device, they will be able to repeat the process and get it qualified for a prize – assuming it is more than a denial of service.
