Impact
The vulnerability is a command injection flaw in the web‑based user interface that allows an authenticated user to supply arbitrary input that the device passes directly to a system call. Successful exploitation gives the attacker the ability to run any command with the device’s privileges, thereby compromising confidentiality, integrity, and availability. The weakness is identified as CWE‑78: Improper Neutralization of Special Elements used in a Command.
Affected Systems
The vulnerability affects the ALGO 8180 IP Audio Alerter running firmware version 5.5. No other affected firmware versions are listed in the current data, so it is not known whether earlier or later releases are vulnerable.
Risk and Exploitability
The CVSS score of 8.8 marks this as high severity. The EPSS score of 1% indicates a relatively low expected exploitation probability at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires authentication, so the attacker must first obtain or possess valid credentials for the web UI. Once authenticated, the attacker can supply crafted input that the device executes as a system command, leading to full code execution on the device.