Description
ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the web-based user interface. By navigating directly to a URL, a user can gain unauthorized access to data. An attacker can leverage this vulnerability to disclose information in the context of the device. Was ZDI-CAN-28299.
Published: 2026-01-23
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Update firmware
AI Analysis

Impact

This vulnerability allows remote attackers to obtain sensitive device data without authentication by directly requesting a URL in the web-based user interface. Based on the description, the flaw involves an improper restriction of network access that may expose configuration details and other device state information. Because the attacker does not need to authenticate, any network‑accessible HTTP request can trigger the disclosure, compromising the confidentiality of the device’s internal data.

Affected Systems

Affected are ALGO 8180 IP Audio Alerter hardware devices, specifically models running the 5.5 firmware or earlier. The vulnerability is present in the web UI component of the product and applies to installations that expose this interface to the network.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity, but the EPSS score under 1% suggests that exploitation is unlikely in the current threat landscape. The device is not listed in the CISA KEV catalog, so there is no evidence of active exploitation. Attackers would need remote network connectivity to the device’s web interface and would not require administrative credentials. The exploit path would involve sending a crafted GET request to a specific URL; a successful request results in information disclosure.

Generated by OpenCVE AI on April 18, 2026 at 15:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to the latest firmware when an official patch becomes available
  • Restrict access to the web UI using firewall rules, VPNs, or network segmentation so only trusted internal hosts can reach it
  • Monitor incoming HTTP requests for patterns indicative of unauthorized URL probing and alert network security teams

Generated by OpenCVE AI on April 18, 2026 at 15:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Feb 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Algosolutions
Algosolutions 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter Firmware
CPEs cpe:2.3:h:algosolutions:8180_ip_audio_alerter:-:*:*:*:*:*:*:*
cpe:2.3:o:algosolutions:8180_ip_audio_alerter_firmware:5.5:*:*:*:*:*:*:*
Vendors & Products Algosolutions
Algosolutions 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter Firmware
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Fri, 23 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Algo
Algo 8180 Ip Audio Alerter
Vendors & Products Algo
Algo 8180 Ip Audio Alerter

Fri, 23 Jan 2026 03:30:00 +0000

Type Values Removed Values Added
Description ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. By navigating directly to a URL, a user can gain unauthorized access to data. An attacker can leverage this vulnerability to disclose information in the context of the device. Was ZDI-CAN-28299.
Title ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability
Weaknesses CWE-425
References
Metrics cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Algo 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter 8180 Ip Audio Alerter Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-01-23T19:38:42.172Z

Reserved: 2026-01-08T22:55:42.415Z

Link: CVE-2026-0790

cve-icon Vulnrichment

Updated: 2026-01-23T19:38:37.368Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-23T04:16:06.720

Modified: 2026-02-13T20:32:36.217

Link: CVE-2026-0790

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T15:30:03Z

Weaknesses