CVE-2020-28592

Vulnerability

A heap-based buffer overflow exists in the configuration server of the Cosori Smart 5.8-Quart Air Fryer CS158-AF firmware version 1.1.0. The server listens on TCP port 41234 and communicates using JSON encrypted with a static AES key and IV (llwantaeskey1.01 and llwantaesivv1.01). A specially crafted JSON object can trigger a buffer overflow when processed by the server. [1]

Exploitation

An attacker with network access to the device during initial setup (when it acts as a WiFi access point) can send a malicious TCP packet containing a crafted JSON object to port 41234. No authentication is required. The static encryption key is known, allowing the attacker to encrypt the payload. The overflow occurs when the server copies data into a heap buffer without proper bounds checking. [1]

Impact

Successful exploitation leads to remote code execution on the device with the privileges of the configuration server process. This can allow an attacker to fully compromise the air fryer, potentially controlling its functions or using it as a pivot point. The CVSSv3 score is 8.1 (High) with network attack vector and high attack complexity. [1]

Mitigation

As of the publication date (2021-04-15), no official patch or firmware update has been released by Cosori to address this vulnerability. Users are advised to monitor vendor advisories and consider isolating the device from untrusted networks. The device is not listed on CISA's Known Exploited Vulnerabilities catalog. [1]