CVE-2020-28593

Published: Apr 15, 2021Modified: Jun 17, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

Affected (1)

Products: Cosori: Cs158 Af Firmware

1 product

Cs158 Af Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cosori Cs158 Af Firmware	Version 1.1.0

Running on/with	Platform Versions
Cosori Cs158 Af	All versions

Related CWEs

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1217

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1217

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.