Description
ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the SAC module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28296.
Published: 2026-01-23
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability manifests as an OS command injection in the SAC module of the ALGO 8180 IP Audio Alerter, allowing remote attackers to execute arbitrary system commands without requiring authentication.

Affected Systems

The affected vendor is ALGO Solutions, with the product named 8180 IP Audio Alerter. No specific firmware versions are identified, indicating that any device running this hardware that includes the SAC module may be susceptible.

Risk and Exploitability

The CVSS base score of 9.8 signifies critical severity, but the EPSS score of less than 1% suggests a very low likelihood of active exploitation; the vulnerability is not listed in CISA’s KEV catalog. Attackers can exploit the lack of input validation to trigger system calls, potentially compromising device integrity and availability.

Generated by OpenCVE AI on April 18, 2026 at 03:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Confirm the device firmware version from the user manual or system interface and check the vendor’s website for updates that address the command‑execution flaw.
  • If an urgent patch is not yet available, disable or block external access to the SAC management interface and restrict the device to a trusted local network segment.
  • Apply firewall rules or network segmentation to prevent unsolicited traffic to the device’s management ports while monitoring for anomalous commands or activity logs.

Generated by OpenCVE AI on April 18, 2026 at 03:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Algosolutions
Algosolutions 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter Firmware
CPEs cpe:2.3:h:algosolutions:8180_ip_audio_alerter:-:*:*:*:*:*:*:*
cpe:2.3:o:algosolutions:8180_ip_audio_alerter_firmware:5.5:*:*:*:*:*:*:*
Vendors & Products Algosolutions
Algosolutions 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 23 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Algo
Algo 8180 Ip Audio Alerter
Vendors & Products Algo
Algo 8180 Ip Audio Alerter

Fri, 23 Jan 2026 03:30:00 +0000

Type Values Removed Values Added
Description ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SAC module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28296.
Title ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability
Weaknesses CWE-78
References
Metrics cvssV3_0

{'score': 8.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Algo 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter 8180 Ip Audio Alerter Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-01-23T19:42:31.287Z

Reserved: 2026-01-08T22:55:30.289Z

Link: CVE-2026-0787

cve-icon Vulnrichment

Updated: 2026-01-23T19:42:27.953Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-23T04:16:06.317

Modified: 2026-02-18T19:04:13.407

Link: CVE-2026-0787

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T03:30:25Z

Weaknesses