Description
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.

The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28289.
Published: 2026-01-23
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The flaw is a command injection in the web‑based user interface that allows authenticated users to supply an arbitrary string, which the device passes directly to a system call. Successful exploitation gives the attacker the ability to run any command with the device’s privileges, compromising confidentiality, integrity, and availability. This weakness is a classic example of CWE‑78: Improper Neutralization of Special Elements used in a Command.

Affected Systems

Affects the ALGO 8180 IP Audio Alerter device, specifically firmware version 5.5. No other affected versions are listed in the current data, so devices running this or earlier firmware are potentially vulnerable.

Risk and Exploitability

The CVSS score of 8.8 marks this as high severity, yet the EPSS score of under 1% indicates a very low expected exploitation probability at present. The vulnerability is not yet included in the CISA KEV catalog. The attack vector requires authentication, implying the attacker must first gain or possess valid credentials for the web UI. Once authenticated, the attacker can supply a crafted input that the device executes as a system command, leading to full code execution on the device.

Generated by OpenCVE AI on April 18, 2026 at 03:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s official patch to address the command injection flaw
  • Restrict access to the web UI by enforcing strong authentication, network segmentation, or firewall rules so only trusted administrators can reach the management interface
  • Enable logging and monitor for abnormal command execution or unusual outbound traffic that may indicate exploitation attempts

Generated by OpenCVE AI on April 18, 2026 at 03:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Algosolutions
Algosolutions 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter Firmware
CPEs cpe:2.3:h:algosolutions:8180_ip_audio_alerter:-:*:*:*:*:*:*:*
cpe:2.3:o:algosolutions:8180_ip_audio_alerter_firmware:5.5:*:*:*:*:*:*:*
Vendors & Products Algosolutions
Algosolutions 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Algo
Algo 8180 Ip Audio Alerter
Vendors & Products Algo
Algo 8180 Ip Audio Alerter

Fri, 23 Jan 2026 03:30:00 +0000

Type Values Removed Values Added
Description ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28289.
Title ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
Weaknesses CWE-78
References
Metrics cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Algo 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter 8180 Ip Audio Alerter Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-01-23T19:51:50.339Z

Reserved: 2026-01-08T22:55:04.622Z

Link: CVE-2026-0780

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-01-23T04:16:05.357

Modified: 2026-02-13T21:02:18.967

Link: CVE-2026-0780

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T03:30:25Z

Weaknesses