Cyber Posture

CVE-2026-0792

Critical

Published: 23 January 2026

Published
23 January 2026
Modified
18 February 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0068 71.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit…

more

this vulnerability. The specific flaw exists within the handling of the Alert-Info header of SIP INVITE requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28301.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses the lack of length validation for user-supplied Alert-Info header data before copying to a fixed stack buffer, preventing the buffer overflow.

SI-16 Memory Protection good match
prevent

Implements memory protections such as non-executable stacks and ASLR to mitigate exploitation of the stack-based buffer overflow for remote code execution.

SC-7 Boundary Protection partial match
prevent

Enforces boundary protection to restrict SIP INVITE traffic to trusted sources, reducing exposure to unauthenticated remote attacks exploiting the Alert-Info header vulnerability.

Security SummaryAI

CVE-2026-0792 is a stack-based buffer overflow vulnerability in the ALGO 8180 IP Audio Alerter devices, specifically within the handling of the Alert-Info header in SIP INVITE requests. The flaw stems from insufficient validation of the length of user-supplied data before copying it into a fixed-length stack-based buffer, enabling remote code execution (RCE). It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWEs-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write). No authentication is required to exploit it, and it was originally identified as ZDI-CAN-28301.

Remote attackers can exploit this vulnerability by sending a specially crafted SIP INVITE request with a malicious Alert-Info header to an affected device. Successful exploitation allows the attacker to execute arbitrary code in the context of the device, potentially leading to full compromise including high confidentiality, integrity, and availability impacts.

The Zero Day Initiative has published an advisory at https://www.zerodayinitiative.com/advisories/ZDI-26-014/ detailing the vulnerability, though specific mitigation or patch information from vendors is not detailed in available disclosures. Security practitioners should monitor for firmware updates from Algo Communication Products and restrict SIP traffic to trusted sources where possible.

Details

CWE(s)
CWE-121CWE-787

Affected Products

algosolutions
8180 ip audio alerter firmware
5.5

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability enables remote code execution via exploitation of a public-facing SIP service on the ALGO 8180 device without authentication, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References