CVE-2020-28593

HIGH

Cosori Smart Air Fryer CS158-AF 1.1.0 - RCE

Title source: llm

Description

A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

References (1)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2020-1217

Scores

CVSS v3 8.1

EPSS 0.0202

EPSS Percentile 83.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-912

Status published

Products (1)

cosori/cs158-af_firmware 1.1.0

Published Apr 15, 2021

Tracked Since Feb 18, 2026