Impact
The vulnerability is a command injection flaw in the web‑based user interface of the ALGO 8180 IP Audio Alerter. A remote attacker who can authenticate to the web UI can supply a specially crafted string that is passed directly to a system call without validation, allowing the attacker to execute arbitrary commands with the privileges of the device. This is a CWE‑78 (OS command injection) vulnerability that enables remote code execution.
Affected Systems
The flaw affects the ALGO 8180 IP Audio Alerter product line, specifically firmware version 5.5 as identified by the CPE data. Any installation of this hardware running that firmware and exposing the web UI is likely susceptible.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity, while the EPSS score of approximately 1.5% suggests a very low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalogue. Because authentication is required, exploitation is limited to parties who hold valid credentials for the web UI; however, successful exploitation would give the attacker the ability to run code on the device.