CVE-2026-0791

Critical

Published: 23 January 2026

Published

23 January 2026

Modified

18 February 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0037 58.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit…

this vulnerability. The specific flaw exists within the handling of the Replaces header of SIP INVITE requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28300.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the lack of validation of SIP Replaces header length by requiring checks on user-supplied input prior to processing into fixed buffers.

SI-16 Memory Protection good match

prevent

Implements memory safeguards like stack canaries or address space randomization to protect against exploitation of the stack-based buffer overflow.

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and patching of the specific buffer overflow flaw in the device's SIP processing firmware.

Security SummaryAI

CVE-2026-0791 is a stack-based buffer overflow vulnerability in the ALGO 8180 IP Audio Alerter devices, specifically within the handling of the Replaces header in SIP INVITE requests. The flaw stems from insufficient validation of the length of user-supplied data before copying it into a fixed-length stack-based buffer, enabling remote code execution (RCE). This issue, tracked as ZDI-CAN-28300, affects the device's SIP processing component and was published on January 23, 2026, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), mapping to CWEs-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).

Remote attackers can exploit this vulnerability without authentication by sending a specially crafted SIP INVITE request with a malicious Replaces header. Successful exploitation allows arbitrary code execution in the context of the device, potentially granting full control over the IP Audio Alerter, including unauthorized audio announcements, network pivoting, or further compromise of connected systems.

The Zero Day Initiative advisory at https://www.zerodayinitiative.com/advisories/ZDI-26-013/ provides details on the vulnerability disclosure. No specific patch or mitigation details are outlined in the available information.

Details

CWE(s): CWE-121 CWE-787

Affected Products

algosolutions

8180 ip audio alerter firmware

5.5

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Stack-based buffer overflow in SIP INVITE handling enables unauthenticated remote code execution on a public-facing network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.zerodayinitiative.com/advisories/ZDI-26-013/
Third Party Advisory · zdi-disclosures@trendmicro.com