25 matches found
EUVD-2020-20990
Malware in sbrugna...
EUVD-2020-20991
Malware in sbrugna...
CVE-2020-28593
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2020-28592
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...
An air fryer, a ring, and a vacuum get brought into a home. What they take out is your data (Lock and Code S05E24)
This week on the Lock and Code podcast… The month, a consumer rights group out of the UK posed a question to the public that they’d likely never considered: Were their air fryers spying on them? By analyzing the associated Android apps for three separate air fryer models from three different...
A week in security (November 4 – November 10)
Last week on Malwarebytes Labs: Hello again, FakeBat: popular loader returns after months-long hiatus TikTok ordered to close Canada offices following "national security review" Air fryers are the latest surveillance threat you didn’t consider Malwarebytes acquires AzireVPN to fuel additional VPN...
Talos Takes Ep. #53: The broader lesson of those air fryer vulnerabilities
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. It seemed like everyone on security Twitter had a joke when we disclosed a vulnerability in a WiFi-connected air fryer...
Threat Source Newsletter (April 22, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We went viral this week! Everyone seemed to love to joke about these vulnerabilities we discovered in a WiFi-connected air fryer. An attacker, if they had physical access to the device, could exploit these... This is only the...
Amazon Cosori Smart Code Execution Vulnerability
amazon COSORI Smart is a hardware device from amazon. Smart WiFi Air Fryer. A security vulnerability exists in Cosori Smart 5.8-Quart, which can be exploited by an attacker to gain full access to an application and compromise an affected system...
amazon COSORI Smart Buffer Overflow Vulnerability
amazon COSORI Smart is a hardware device from amazon. Smart WiFi Air Fryer. A security vulnerability exists in the Cosori Smart 5.8-Quart Air Fryer CS158-AF, which can be exploited by an attacker to execute arbitrary code on the target system...
Vulnerability Spotlight: Remote code execution vulnerabilities in Cosori smart air fryer
Dave McDaniel of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities in the Cosori smart air fryer. The Cosori Smart Air Fryer is a WiFi-enabled kitchen appliance that cooks food with a variety of... This is only the...
CVE-2020-28593
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2020-28593
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2020-28592
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2020-28592
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...
Design/Logic Flaw
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...
Heap overflow
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2020-28593
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2020-28593
Summary: CVE-2020-28593 affects Cosori Smart 5.8-Quart Air Fryer CS158-AF (version 1.1.0) and is exploitable via an unauthenticated backdoor in the device’s configuration server. Multiple sources describe that a specially crafted JSON object can trigger remote code execution after the device regi...
CVE-2020-28592
CVE-2020-28592 affects Cosori Smart 5.8-Quart Air Fryer CS158-AF, firmware 1.1.0. The issue is a heap-based buffer overflow in the device’s configuration server triggered by a crafted JSON object, enabling remote code execution over the network with no user interaction. According to TALOS, the fl...