CVE-2026-0792
Published: 23 January 2026
Summary
CVE-2026-0792 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Algosolutions 8180 Ip Audio Alerter Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the lack of length validation for user-supplied Alert-Info header data before copying to a fixed stack buffer, preventing the buffer overflow.
Implements memory protections such as non-executable stacks and ASLR to mitigate exploitation of the stack-based buffer overflow for remote code execution.
Enforces boundary protection to restrict SIP INVITE traffic to trusted sources, reducing exposure to unauthenticated remote attacks exploiting the Alert-Info header vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote code execution via exploitation of a public-facing SIP service on the ALGO 8180 device without authentication, directly mapping to T1190: Exploit Public-Facing Application.
NVD Description
ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit…
more
this vulnerability. The specific flaw exists within the handling of the Alert-Info header of SIP INVITE requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28301.
Deeper analysisAI
CVE-2026-0792 is a stack-based buffer overflow vulnerability in the ALGO 8180 IP Audio Alerter devices, specifically within the handling of the Alert-Info header in SIP INVITE requests. The flaw stems from insufficient validation of the length of user-supplied data before copying it into a fixed-length stack-based buffer, enabling remote code execution (RCE). It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWEs-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write). No authentication is required to exploit it, and it was originally identified as ZDI-CAN-28301.
Remote attackers can exploit this vulnerability by sending a specially crafted SIP INVITE request with a malicious Alert-Info header to an affected device. Successful exploitation allows the attacker to execute arbitrary code in the context of the device, potentially leading to full compromise including high confidentiality, integrity, and availability impacts.
The Zero Day Initiative has published an advisory at https://www.zerodayinitiative.com/advisories/ZDI-26-014/ detailing the vulnerability, though specific mitigation or patch information from vendors is not detailed in available disclosures. Security practitioners should monitor for firmware updates from Algo Communication Products and restrict SIP traffic to trusted sources where possible.
Details
- CWE(s)