Tuesday 20 April 2021
The impact of this issue is rated medium. Please take the actions stated below to address it.
Cosori Smart 5.8-Quart Air Fryer CS158-AF (v.1.1.0)
What you need to know:
Cisco Talos researchers have disclosed two remote code execution (RCE) vulnerabilities in the Cosori Smart 5.8-Quart Air Fryer CS158-AF (v.1.1.0). The first vulnerability is caused by a backdoor (CVE-2020-28592), and the second is a heap-based overflow (CVE-2020-28593). Both vulnerabilities could be exploited through crafted packets.
Actions to be taken:
No fix has been confirmed yet. However, rules in products such as SNORT already detect exploitation attempts against these vulnerabilities.