CVE-2026-0789

7.5 HIGH

📋 TL;DR

This vulnerability in ALGO 8180 IP Audio Alerter devices allows remote attackers to obtain authentication cookies from the web UI response body without authentication. This affects all installations of ALGO 8180 devices with the vulnerable web interface exposed. Attackers can use stolen cookies to potentially gain unauthorized access to device management functions.

💻 Affected Systems

Products:
  • ALGO 8180 IP Audio Alerter
Versions: All versions prior to patch
Operating Systems: Embedded device OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web-based user interface component. Devices with web UI exposed to network are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain valid authentication cookies, gain administrative access to the device, modify alert configurations, disable security features, or use the device as an entry point into the network.

🟠 Likely Case

Attackers harvest authentication cookies from exposed devices, potentially gaining read-only or limited administrative access to monitor or modify audio alert settings.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to information disclosure without ability to pivot to other systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No authentication required. Simple HTTP requests to vulnerable endpoints can trigger the information disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific version

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-26-011/

Restart Required: Yes

Instructions:

1. Contact ALGO vendor for patch availability.
2. Download and apply firmware update.
3. Restart device.
4. Verify web UI no longer leaks authentication cookies.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate ALGO 8180 devices from untrusted networks

Access Control Lists (all)

Restrict web UI access to authorized IP addresses only

🧯 If You Can't Patch

  • Place devices behind VPN or jump host with strict authentication
  • Monitor network traffic for unusual access patterns to device web UI

🔍 How to Verify

Check if Vulnerable:

Send HTTP requests to device web UI endpoints and check response bodies for authentication cookie leakage

Check Version:

Check device web interface or console for firmware version

Verify Fix Applied:

After patching, verify authentication cookies are no longer present in HTTP responses
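
One way to run the "Verify Fix Applied" check offline against HTTP responses you captured from your own device, as an added example that is not vendor or ZDI tooling. The session value and both responses are constructed, and the cookie name `session` is a hypothetical stand-in for whatever the device actually sets.

```python
import base64
import html
from urllib.parse import quote

# Constructed sample data: the session value and both responses are invented.
SESSION = "b7f3c2a94e1d4f60a8c5"
UNPATCHED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             '<html><script>var sid = "b7f3c2a94e1d4f60a8c5";</script></html>')
PATCHED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
           "<html><body>Login required</body></html>")

def cookie_encodings(value):
    """Map each distinct encoded form of a cookie value to a label."""
    forms = {}
    for label, form in (
        ("raw", value),
        ("url-encoded", quote(value, safe="")),
        ("html-escaped", html.escape(value)),
        ("base64", base64.b64encode(value.encode()).decode()),
    ):
        forms.setdefault(form, label)  # identical forms keep the first label
    return forms

def find_cookie_leaks(raw_response, known_values=()):
    """Return sorted (value, encoding) pairs for cookie values seen in the body.

    Checks values from the administrator's own authenticated session plus any
    value the captured response itself sets through a Set-Cookie header.
    """
    head, _, body = raw_response.partition("\r\n\r\n")
    candidates = set(known_values)
    for line in head.split("\r\n")[1:]:           # skip the status line
        name, _, rest = line.partition(":")
        if name.strip().lower() == "set-cookie":
            pair = rest.split(";", 1)[0]          # drop Path, HttpOnly, ...
            candidates.add(pair.partition("=")[2].strip())
    leaks = set()
    for value in candidates:
        if len(value) < 8:                        # too short to match reliably
            continue
        for form, label in cookie_encodings(value).items():
            if form in body:
                leaks.add((value, label))
    return sorted(leaks)

if __name__ == "__main__":
    print("unpatched:", find_cookie_leaks(UNPATCHED, [SESSION]))
    print("patched:  ", find_cookie_leaks(PATCHED, [SESSION]))
```

An empty result for every captured unauthenticated response is the outcome to expect after the firmware update.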

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful access
  • Unusual source IP addresses accessing web UI

Network Indicators:

  • HTTP requests to device web UI from unexpected sources
  • Traffic patterns suggesting cookie harvesting

SIEM Query:

source_ip IN (suspicious_ips) AND (dest_port=80 OR dest_port=443) AND uri CONTAINS 'algo'
