Impact
The flaw is in the web UI of ALGO 8180 IP Audio Alerter devices, which embeds an authentication cookie directly in the body of HTTP responses. A remote attacker with no credentials can retrieve the cookie. Depending on what the cookie grants, it could potentially be used for session hijacking or to expose other sensitive data; this consequence is inferred from the description. The vulnerability discloses confidential device information, a violation of confidentiality, and is classified as CWE-200 (information disclosure).
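A regression check for this class of leak, as an added example that is not part of the original advisory or the vendor's code: given a captured HTTP response and the session cookie values issued to a test login, it reports any value that appears in the response body, including common re-encodings. The cookie name, value and sample responses are constructed, and the body is assumed to be already decompressed and de-chunked.

```python
import base64
import html
import json
import urllib.parse

MIN_LEN = 8  # shorter values match ordinary page text too easily

def encoded_forms(secret: str) -> dict[str, str]:
    """Map each distinct encoding of `secret` to a label (first label wins)."""
    raw = secret.encode()
    candidates = [
        ("plain", secret),
        ("url-encoded", urllib.parse.quote(secret, safe="")),
        ("html-escaped", html.escape(secret, quote=True)),
        ("json-escaped", json.dumps(secret)[1:-1]),
        ("base64", base64.b64encode(raw).decode()),
        ("hex", raw.hex()),
    ]
    forms: dict[str, str] = {}
    for label, form in candidates:
        forms.setdefault(form, label)  # identical encodings collapse to one entry
    return forms

def response_body(raw_response: bytes) -> str:
    """Return only the body, so a legitimate Set-Cookie header is not flagged."""
    _, _, body = raw_response.partition(b"\r\n\r\n")
    return body.decode("utf-8", errors="replace")

def find_cookie_leaks(raw_response: bytes, session_cookies: dict[str, str]) -> list[tuple[str, str]]:
    """Return (cookie name, encoding) for every session value present in the body."""
    body = response_body(raw_response)
    hits = []
    for name, value in session_cookies.items():
        if len(value) < MIN_LEN:
            continue
        for form, label in encoded_forms(value).items():
            if form in body:
                hits.append((name, label))
    return hits

# Constructed sample data: hypothetical cookie name and value, not taken from any device.
SESSION = {"session_id": "ZXhhbXBsZQ+/s3ss10n="}
LEAKY = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
         b'<script>var sid="ZXhhbXBsZQ%2B%2Fs3ss10n%3D";</script>')
HEADER_ONLY = (b"HTTP/1.1 200 OK\r\nSet-Cookie: session_id=ZXhhbXBsZQ+/s3ss10n=\r\n\r\n"
               b"<html>Welcome</html>")

if __name__ == "__main__":
    print(find_cookie_leaks(LEAKY, SESSION))
    print(find_cookie_leaks(HEADER_ONLY, SESSION))
```

Run it over responses recorded by a proxy or test harness after a firmware update; an empty result for every page fetched without credentials is the expected outcome.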
Affected Systems
The vulnerability affects ALGO 8180 IP Audio Alerter hardware with firmware version 5.5; impact on later versions is unconfirmed. The CPE identifiers confirm that firmware 5.5 is impacted. Organizations operating these devices, especially on public or unprotected networks, are at risk.
Risk and Exploitability
The CVSS score of 7.5 classifies the vulnerability as high severity, while the EPSS score of less than 1% indicates a low probability of exploitation at present. It is not listed in the KEV catalog, suggesting no known active exploitation. The attack can be performed over the network by sending a request to the web interface; no authentication is required. It is inferred that the high severity combined with the low exploitation likelihood places the threat at moderate to high risk for organizations using vulnerable devices, especially those exposing the web UI to the Internet.
OpenCVE Enrichment