"Remote Code Execution Vulnerabilities Uncovered in Smart Air Fryer"
Researchers from Cisco Talos found two remote code execution (RCE) vulnerabilities in the Cosori Smart Air Fryer, an Internet-connected kitchen product that lets users remotely control cooking temperature, times, and settings. The vulnerabilities could also allow hackers to take over the device. The first vulnerability, found in the Smart 5.8-Quart Air Fryer CS158-AF (v.1.1.0), is caused by an unauthenticated backdoor, while the second is a heap-based overflow issue. Both vulnerabilities could be abused through specially crafted traffic packets. RCE vulnerabilities can lead to the hijacking of systems, remote tampering, and the launch of additional malware payloads. The discovery of security flaws in the kitchen product points to a bigger problem: the vulnerability of Internet of Things (IoT) devices to attacks and the need to improve the implementation of security in the design of such devices. This article continues to discuss the RCE vulnerabilities in a smart air fryer uncovered by Cisco Talos researchers, Cosori's response to the disclosure of these flaws, and another recent discovery of nine vulnerabilities in four TCP/IP stacks commonly used by smart devices for communication.
ZDNet reports "Remote Code Execution Vulnerabilities Uncovered in Smart Air Fryer"