Description
ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the InformaCast functionality. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28302.
Published: 2026-01-23
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The ALGO 8180 IP Audio Alerter suffers a heap‑based buffer overflow in its InformaCast feature. The flaw arises from a lack of length validation when copying user‑supplied data into a heap buffer, allowing any remote attacker to reliably trigger a memory corruption that results in execution of arbitrary code in the device’s context. Authentication is not required; any network‑connected device can be targeted by a crafted payload.

Affected Systems

The vulnerability affects devices running ALGO 8180 IP Audio Alerter firmware version 5.5 as identified by the product CPE. No other firmware versions are listed as affected in the available data.

Risk and Exploitability

The CVSS base score of 9.8 classifies the flaw as Critical. The EPSS score of less than 1 % indicates that active exploitation is currently unlikely, but the lack of an authentication requirement means that any network‑reachable device is a potential target. The vulnerability is not yet listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 18, 2026 at 20:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to a firmware release that contains the fix for the InformaCast heap overflow; apply the vendor’s patch when it becomes available.
  • If an upgrade cannot be performed immediately, isolate the device from untrusted networks and block inbound traffic on the ports used by the InformaCast service to impede delivery of the malicious payload.
  • Disable the InformaCast feature through the device’s configuration interface to eliminate the vulnerable code path.
  • Implement rigorous input length validation (mitigating CWE‑122 and CWE‑787) in custom or third‑party extensions that interact with InformaCast to prevent future buffer overflows.

Generated by OpenCVE AI on April 18, 2026 at 20:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Algosolutions
Algosolutions 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter Firmware
Weaknesses CWE-787
CPEs cpe:2.3:h:algosolutions:8180_ip_audio_alerter:-:*:*:*:*:*:*:*
cpe:2.3:o:algosolutions:8180_ip_audio_alerter_firmware:5.5:*:*:*:*:*:*:*
Vendors & Products Algosolutions
Algosolutions 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 23 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Algo
Algo 8180 Ip Audio Alerter
Vendors & Products Algo
Algo 8180 Ip Audio Alerter

Fri, 23 Jan 2026 03:30:00 +0000

Type Values Removed Values Added
Description ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InformaCast functionality. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28302.
Title ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability
Weaknesses CWE-122
References
Metrics cvssV3_0

{'score': 8.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Algo 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter 8180 Ip Audio Alerter Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-01-23T16:36:50.354Z

Reserved: 2026-01-08T22:55:53.760Z

Link: CVE-2026-0793

cve-icon Vulnrichment

Updated: 2026-01-23T16:36:45.536Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-23T04:16:07.123

Modified: 2026-02-18T18:51:47.677

Link: CVE-2026-0793

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T20:15:09Z

Weaknesses