Lucene search

TalosCVELIST:CVE-2020-28592

HistoryApr 15, 2021 - 1:40 p.m.

CVE-2020-28592

2021-04-1513:40:35

CWE-120

talos

www.cve.org

cve-2020-28592

configuration server

remote code execution

json object

malicious packet

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.007

Percentile

80.5%

JSON

A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.

CNA Affected

[
  {
    "product": "Cosori",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1216

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.007

Percentile

80.5%

JSON

Related for CVELIST:CVE-2020-28592