We live in a connected world, but sometimes too much connectivity can impact our cybersecurity. Researchers at TALOS have disclosed recently two remote code execution vulnerabilities present in a smart air fryer.

As you might already know RCEs are maybe some of the most severe types of vulnerabilities because they are allowing attackers to remotely deploy malicious code, thus potentially leading to the takeover of a system, remote tampering, and execution of additional malware payloads.

It’s true that targeting consumer products for the execution of an RCE may not have the same impact as when the attackers are targeting a corporate network, but it is worth highlighting that a smart product that we have in our home is not necessary also safe.

Two RCEs were discovered in the Cosori Smart Air Fryer, a Wi-Fi-connected kitchen product, the air fryer leverages the internet to give users remote control over cooking temperature, times, and settings.

TALOS-2020-1216 (CVE-2020-28592) and TALOS-2020-1217 (CVE-2020-28593) are remote code execution vulnerabilities that could allow an attacker to remotely inject code into the device. This could hypothetically allow an adversary to change temperatures, cooking times and settings on the air fryer, or start it without the user’s knowledge. The adversary must have physical access to the air fryer for some of these vulnerabilities to work.”


The cyber researchers tested the Cosori Smart 5.8-Quart Air Fryer CS158-AF (v.1.1.0) and discovered two vulnerabilities, called CVE-2020-28592 and CVE-2020-28593.

CVE-2020-28592 is caused by an unauthenticated backdoor and CVE-2020-28593 is caused by a heap-based overflow issue.

Both vulnerabilities could be exploited with the use of crafted traffic packets, although local access may be required for easier exploitation.

At this time the vulnerabilities don’t have any fix, as Cosori did not respond within the typical 90-day vulnerability disclosure period.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Threat Prevention - Network

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

The important takeaway from this situation is related to the vulnerabilities that can interact and affect the Internet of Things (IoT) devices in our homes, and the further implications this might have.

Vulnerability Assessment 101

The Complete Guide to IoT Security and What Every Business Owner Needs to Know

Python Programming Language Rushes to Address RCE Vulnerability

Leave a Reply

Your email address will not be published. Required fields are marked *