Bad news for lockdown slimmers who've ignored advice about not needing to connect every friggin' appliance in their home to the internet: Talos researchers have sniffed out security flaws allowing attackers to hijack your air fryer.
Specifically, Cisco's infosec arm said it had tested and confirmed that the Cosori Smart 5.8-Quart Air Fryer CS158-AF, version 1.1.0, could be exploited by a theoretical fried-chicken-hater. As we've confirmed, the device – and we note there is a virtually identical "non-smart" one for the same price – is still widely available for sale.
The two flaws (CVE-2020-28592 and CVE-2020-28593) are both server code execution vulnerabilities. An attacker could exploit them by cooking up and sending a specially crafted packet to the device that contains a unique JSON object, which would then allow them to execute arbitrary code.
< ..
Support the originator by clicking the read the rest link below.