Security experts from Cisco Talos have found two remote code execution (RCE) vulnerabilities in the Cosori Smart Air Fryer. The Cosori Smart Air Fryer is an appliance with smart capabilities that cooks food with a variety of methods and settings. Users can control the device via Wi-Fi, they can start and stop cooking, look up recipe guides and monitor cooking status.
The flaws could be exploited by threat actors to take over the devices and perform a broad range of malicious actions, some of the issues could be only exploited by attackers with physical access to the air fryer.