CVE-2026-0779

High

Published: 23 January 2026

Published

23 January 2026

Modified

18 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0037 59.0th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific…

flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25568.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the core flaw by requiring validation of user-supplied strings before use in system calls, preventing command injection.

SI-2 Flaw Remediation good match

prevent

Mandates timely flaw remediation for this specific ping command injection vulnerability through patching or vendor updates.

CM-7 Least Functionality partial match

prevent

Reduces attack surface by configuring the device to enable only essential capabilities, allowing restriction or disablement of the vulnerable ping feature in the web UI.

Security SummaryAI

CVE-2026-0779 is a ping command injection vulnerability leading to remote code execution in ALGO 8180 IP Audio Alerter devices. The flaw exists in the web-based user interface, where a user-supplied string is not properly validated before being passed to a system call, enabling command injection as classified under CWE-78 and CWE-77. This issue allows attackers to execute arbitrary code in the context of the device.

Remote attackers who possess valid authentication (low privileges required) can exploit this vulnerability over the network with low attack complexity and no user interaction. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, as reflected in the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The Zero Day Initiative advisory ZDI-26-001, published in reference to ZDI-CAN-25568, provides further details on the vulnerability at https://www.zerodayinitiative.com/advisories/ZDI-26-001/.

Details

CWE(s): CWE-78 CWE-77

Affected Products

algosolutions

8180 ip audio alerter firmware

5.5

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

The vulnerability is a command injection (CWE-78/77) in a public-facing web UI leading to RCE, directly mapping to T1190 (Exploit Public-Facing Application) and enabling execution via Unix Shell (T1059.004) on the likely Linux-based device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.zerodayinitiative.com/advisories/ZDI-26-001/
Third Party Advisory · zdi-disclosures@trendmicro.com