The highest reward of the day went to team Orca of Sea Security, which executed a two-vulnerability exploit chain (out-of-bounds read and use-after-free) against the Sonos Era 100 speaker, earning $60,000.
The Pentest Limited team earned the second highest reward of the day, at $50,000, for an improper input validation exploit targeting the Samsung Galaxy S23 mobile phone.
The team also earned a $40,000 reward for a two-bug exploit chain (denial-of-service and server-side request forgery) leading to the compromise of Western Digital’s My Cloud Pro Series PR4100 network-attached storage (NAS) product.