The Pwn2Own Exploit That Never Was: A Format String Flaw in Synology IP Cameras Allowed Remote Code Execution

In the autumn of 2024, the InfoSect bug hunting team prepared a remote code execution attack targeting the Synology TC500 IP camera for entry in the Pwn2Own Ireland competition. The exploitation hinged on a...