CVE-2020-28593

8.1 HIGH

📋 TL;DR

An unauthenticated backdoor in the configuration server of the Cosori Smart 5.8-Quart Air Fryer CS158-AF (firmware 1.1.0) allows remote code execution. A specially crafted JSON object sent to the configuration server triggers the flaw, so any attacker who can reach the device over the network can take full control of it without credentials.

💻 Affected Systems

Products:
  • Cosori Smart 5.8-Quart Air Fryer CS158-AF
Versions: 1.1.0
Operating Systems: Embedded IoT firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the configuration server functionality specifically. Device must be connected to network to be vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to execute arbitrary code, modify device functionality, access network resources, or use as pivot point for further attacks.

🟠

Likely Case

Remote code execution leading to device manipulation, data exfiltration, or integration into botnets.

🟢

If Mitigated

Limited impact if device is isolated from untrusted networks and firmware is updated.

🌐 Internet-Facing: HIGH - If the configuration server is reachable from the internet (port-forwarded or on a public address), anyone can exploit it; no authentication is required.
🏢 Internal Only: MEDIUM - Still exploitable by any host on the same network, including a compromised phone, laptop or other IoT device.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW per this page (a single unauthenticated packet). Note that a CVSS 3.x score of 8.1 for an unauthenticated, no-interaction flaw with full confidentiality, integrity and availability impact corresponds to Attack Complexity: High in the scoring vector, so the two ratings should not be read as the same statement.

Exploitation requires sending a malicious JSON packet to the device's configuration server. No authentication is needed, and the attacker only needs network reachability to that service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version - check with vendor

Vendor Advisory: https://www.cosori.com/security

Restart Required: Yes

Instructions:

1. Check the Cosori website or app for firmware updates.
2. Apply the available firmware update.
3. Restart the device.
4. Verify that the update was applied successfully (see "How to Verify" below).

🔧 Temporary Workarounds

Network Isolation (applies to: all)

Isolate the air fryer on a separate VLAN or network segment with no route to other internal segments. Cutting internet access entirely also blocks the attack surface, but it will stop app control and firmware updates; if you need either, limit outbound access to the vendor's servers instead (see "If You Can't Patch" below).

Firewall Rules (applies to: all)

Block all new inbound connections to the device. The vulnerable service is the configuration server and the advisory does not name its port, so do not try to allowlist "essential" inbound ports: permit only return traffic for connections the device itself opened.

🧯 If You Can't Patch

  • Disconnect device from network entirely and use only manual controls
  • Place device behind strict firewall allowing only outbound connections to Cosori servers
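The "outbound only to Cosori servers" workaround above, rendered as an nftables ruleset for the router that sits between the IoT VLAN and everything else, together with a small evaluator that mirrors the ruleset's decisions so the policy can be sanity-checked before it is loaded. This is an added example, not code from the advisory or from Cosori; the device address, the IoT VLAN, the resolver and the vendor hosts (documentation-range stand-ins) are all assumptions.

```python
"""Added example: the outbound-only workaround as an nftables ruleset plus a
decision mirror for testing. Every address below is an assumption."""
from ipaddress import ip_address, ip_network

DEVICE_IP = "192.168.50.20"                       # assumption: air fryer on the IoT VLAN
IOT_VLAN = ip_network("192.168.50.0/24")          # assumption: the isolated segment
DNS_RESOLVER = "192.168.50.1"                     # assumption: router-hosted resolver
VENDOR_HOSTS = ("203.0.113.10", "203.0.113.11")   # assumption: stand-ins for Cosori servers


def build_nft_ruleset() -> str:
    """Emit the nftables ruleset. The forward chain defaults to drop; only
    traffic outside the IoT VLAN, conntrack return traffic, DNS to the local
    resolver, and new outbound connections to the vendor set are accepted."""
    vendor = ", ".join(VENDOR_HOSTS)
    return f"""table inet iot_fryer {{
    set vendor_hosts {{
        type ipv4_addr
        elements = {{ {vendor} }}
    }}
    chain forward {{
        type filter hook forward priority 0; policy drop;
        # traffic that never touches the IoT VLAN is not this chain's business
        ip saddr != {IOT_VLAN} ip daddr != {IOT_VLAN} accept
        ct state established,related accept
        ip saddr {DEVICE_IP} ip daddr {DNS_RESOLVER} udp dport 53 accept
        ip saddr {DEVICE_IP} ip daddr @vendor_hosts accept
        # anything else to or from the device, including a new inbound
        # connection to its configuration server, falls through to drop
    }}
}}
"""


def flow_allowed(src: str, dst: str, proto: str, dport: int,
                 established: bool = False) -> bool:
    """Mirror of the ruleset's decision for one packet crossing the router.

    established=True models a packet conntrack already ties to a flow the
    device opened (for example the reply from a vendor server)."""
    if ip_address(src) not in IOT_VLAN and ip_address(dst) not in IOT_VLAN:
        return True                      # not IoT traffic; out of scope here
    if established:
        return True                      # ct state established,related accept
    if src == DEVICE_IP:
        if dst == DNS_RESOLVER and proto == "udp" and dport == 53:
            return True
        return dst in VENDOR_HOSTS       # new outbound only to the vendor set
    # New connections towards the device, from the internet or from another
    # internal segment, are never accepted; this is what blocks the exploit.
    return False


if __name__ == "__main__":
    print(build_nft_ruleset())
    print("inbound to config server allowed:",
          flow_allowed("10.0.0.5", DEVICE_IP, "tcp", 8080))
```

One caveat the evaluator makes visible: hosts on the same VLAN as the device reach it through the switch, not the router, so this chain never sees them. The phone running the Cosori app therefore belongs on a different segment, and with this policy in place it controls the device through the vendor's cloud rather than directly.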

🔍 How to Verify

Check if Vulnerable:

Check device firmware version in Cosori app. If version is 1.1.0, device is vulnerable.

Check Version:

Check via Cosori mobile app: Settings > Device Info > Firmware Version

Verify Fix Applied:

Verify that the firmware version shown in the Cosori app is newer than 1.1.0. Because no fixed version is confirmed on this page, a newer version alone does not prove the backdoor is gone; keep the network controls in place until the vendor confirms which release closes it.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JSON payloads to device configuration port
  • Unexpected device reboots or behavior changes

Network Indicators:

  • Malformed JSON packets sent to device IP on configuration port
  • Unusual outbound connections from device

SIEM Query:

source_ip=* dest_ip=[DEVICE_IP] dest_port=[CONFIG_PORT] payload_contains="[JSON_PATTERN]"

[CONFIG_PORT] and [JSON_PATTERN] are placeholders: the advisory does not publish the configuration server's port or the triggering JSON, so take both from a packet capture of the device's normal configuration traffic. A more robust query needs neither: alert on any connection to the device's configuration port whose source is not the phone running the Cosori app, and on any outbound connection from the device to a host that is not a Cosori server.
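The indicators above turned into detection logic and run over a handful of constructed flow records. This is an added example, not code from the advisory: the configuration port, the device address, the phone running the Cosori app and the vendor host are assumptions, and since the advisory does not publish the trigger payload, "suspicious" JSON is modelled generically (not an object, too large, or nested deeper than legitimate configuration would be).

```python
"""Added example: detection for the indicators listed on the page, run over
constructed flow records. Port, addresses and JSON limits are assumptions."""
import json
from dataclasses import dataclass

CONFIG_PORT = 8080                  # assumption: the advisory does not name the port
DEVICE_IP = "192.168.50.20"         # assumption: the air fryer's LAN address
APP_CLIENTS = {"192.168.50.10"}     # assumption: phone running the Cosori app
VENDOR_HOSTS = {"203.0.113.10"}     # assumption: stand-in for Cosori servers
MAX_JSON_BYTES = 4096               # assumption: legitimate config is small
MAX_JSON_DEPTH = 4                  # assumption: legitimate config is flat


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    payload: bytes


def json_depth(obj, depth: int = 1) -> int:
    """Nesting depth of a decoded JSON value (scalars count as depth 1)."""
    if isinstance(obj, dict):
        return max([json_depth(v, depth + 1) for v in obj.values()] or [depth])
    if isinstance(obj, list):
        return max([json_depth(v, depth + 1) for v in obj] or [depth])
    return depth


def classify_payload(payload: bytes) -> str:
    """Return 'ok', 'malformed' or 'suspicious' for a configuration payload."""
    if len(payload) > MAX_JSON_BYTES:
        return "suspicious"
    try:
        obj = json.loads(payload.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return "malformed"              # not JSON at all: log indicator 1
    if not isinstance(obj, dict) or json_depth(obj) > MAX_JSON_DEPTH:
        return "suspicious"             # JSON, but not what config should look like
    return "ok"


def detect(flows):
    """Walk the flows and return (ts, rule, peer, verdict) alerts in order."""
    alerts = []
    for f in flows:
        if f.dst == DEVICE_IP and f.dport == CONFIG_PORT:
            verdict = classify_payload(f.payload)
            if f.src not in APP_CLIENTS:
                # anyone but the app talking to the config server is the key signal
                alerts.append((f.ts, "config-port-access-from-unexpected-host", f.src, verdict))
            elif verdict != "ok":
                alerts.append((f.ts, f"config-payload-{verdict}", f.src, verdict))
        elif f.src == DEVICE_IP and f.dst not in VENDOR_HOSTS:
            # network indicator 2: device reaching out somewhere it should not
            alerts.append((f.ts, "unexpected-outbound-from-device", f.dst, "n/a"))
    return alerts


# Constructed sample traffic, not a capture from a real device.
SAMPLE_FLOWS = [
    Flow("12:00:01", "192.168.50.10", DEVICE_IP, CONFIG_PORT, b'{"mode":"air_fry","temp":200}'),
    Flow("12:00:05", "192.168.50.77", DEVICE_IP, CONFIG_PORT, b'{"mode":"air_fry"}'),
    Flow("12:00:09", "192.168.50.10", DEVICE_IP, CONFIG_PORT, b'{"mode": '),
    Flow("12:00:12", "192.168.50.10", DEVICE_IP, CONFIG_PORT, b'{"a":{"b":{"c":{"d":{"e":1}}}}}'),
    Flow("12:00:20", DEVICE_IP, "203.0.113.10", 443, b""),
    Flow("12:00:25", DEVICE_IP, "198.51.100.5", 6667, b""),
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(*alert)
```

The first rule is deliberately independent of payload content: because the advisory does not publish the triggering JSON, a signature on the packet body would be guesswork, whereas "something other than the app reached the configuration port" holds regardless of what the packet contains. The payload checks catch sloppy probing and the outbound check covers the post-exploitation botnet case.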
