Description
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.

The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28322.
Published: 2026-01-23
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The flaw allows a remote, authenticated attacker to inject and execute arbitrary system commands through the web-based user interface of the device. Because the supplied string is not validated before being passed to a system call, the attacker can run code with the privileges of the device during the vulnerability’s exploitation.

Affected Systems

The vulnerability affects the ALGO 8180 IP Audio Alerter product line, specifically firmware version 5.5 as identified by the CPE data. Any installation of this hardware running that firmware and exposing the web UI is susceptible.

Risk and Exploitability

The CVSS score is 8.8, indicating high severity, but the EPSS score is less than 1 % and the vulnerability is not listed in the CISA KEV catalog, suggesting a limited probability of widespread exploitation. Attackers must have valid credentials to the web UI to leverage the injection, so the risk is constrained to users with access rights, yet the resulting code execution could compromise the entire device.

Generated by OpenCVE AI on April 18, 2026 at 15:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the firmware update that patches the command injection flaw (CWE-78).
  • If an immediate firmware update is unavailable, enforce strict input validation on the web UI and restrict access to trusted networks, ensuring only users with appropriate privileges can log in (addresses CWE-78).
  • Continuously monitor authentication logs for anomalies and employ strong access controls to limit who can log into the web UI, reducing the likelihood of exploitation (CWE-78).

Generated by OpenCVE AI on April 18, 2026 at 15:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Feb 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Algosolutions
Algosolutions 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter Firmware
CPEs cpe:2.3:h:algosolutions:8180_ip_audio_alerter:-:*:*:*:*:*:*:*
cpe:2.3:o:algosolutions:8180_ip_audio_alerter_firmware:5.5:*:*:*:*:*:*:*
Vendors & Products Algosolutions
Algosolutions 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 23 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Algo
Algo 8180 Ip Audio Alerter
Vendors & Products Algo
Algo 8180 Ip Audio Alerter

Fri, 23 Jan 2026 03:30:00 +0000

Type Values Removed Values Added
Description ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28322.
Title ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
Weaknesses CWE-78
References
Metrics cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Algo 8180 Ip Audio Alerter
Algosolutions 8180 Ip Audio Alerter 8180 Ip Audio Alerter Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-01-23T19:50:16.248Z

Reserved: 2026-01-08T22:56:05.042Z

Link: CVE-2026-0796

cve-icon Vulnrichment

Updated: 2026-01-23T19:50:07.338Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-23T04:16:07.523

Modified: 2026-02-13T20:43:52.370

Link: CVE-2026-0796

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T15:30:03Z

Weaknesses