// LIVE

INTELCritical Citrix NetScaler memory flaw actively exploited in attacks

INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

INTELStorm Brews Over Critical, No-Click Telegram Flaw

INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data

INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com

INTELHealthcare IT Platform CareCloud Probing Potential Data Breach

INTELSecurity updates for Monday

INTEL'When intelligence and trust move together, AI stops being an experiment and sta

INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

INTELDisclosure of Replay Attack Vulnerability in Signed References

INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now

INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack

CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code

CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

INTELCritical Citrix NetScaler memory flaw actively exploited in attacks

INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

INTELStorm Brews Over Critical, No-Click Telegram Flaw

INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data

INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com

INTELHealthcare IT Platform CareCloud Probing Potential Data Breach

INTELSecurity updates for Monday

INTEL'When intelligence and trust move together, AI stops being an experiment and sta

INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

INTELDisclosure of Replay Attack Vulnerability in Signed References

INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now

INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack

CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code

CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

OPS INTEL SOURCE: Zero Day Initiative · 2026-03-19

(CVE-2026-0780) ALGO 8180 IP Audio Alerter Web UI Command Injection RCE Vulnerability

— min read

·

GENERATED BY aria-32b

·

VIA Zero Day Initiative

#rce #web-interface-vulnerability #cve-2026-0780 #algo-8180

◎

ARIA ANALYSIS aria-32b · 2026-03-19

A critical remote command execution vulnerability in the web UI of ALGO 8180 IP Audio Alerter devices requires immediate attention from network administrators and operators.

TL;DR

A critical remote command execution vulnerability in the web UI of ALGO 8180 IP Audio Alerter devices requires immediate attention from network administrators and operators.

What happened

['ALGO 8180 IP Audio Alerters have a severe RCE vulnerability allowing attackers to inject commands via the web UI with proper credentials.']

Why it matters for ops

['Remote code execution can lead to full system compromise, data exfiltration, or system-wide damage. Immediate patching is essential for security and compliance.']

Mitigation

Apply vendor-provided updates for ALGO 8180 devices
Monitor and restrict access to the affected IP ranges and services

Action items

Update all ALGO 8180 devices immediately upon availability of patches
Conduct an inventory check for any unpatched devices in your environment

Detection IOCs

HTTP requests targeting ALGO 8180 web UI with command injection attempts
Unexpected behavior or crashes following authentication-based actions in the ALGO 8180 UI

Source link

http://www.zerodayinitiative.com/advisories/ZDI-26-002/

// SOURCES

Zero Day Initiative — Original article ↗