Vera Mensa

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code. The issue stems from insufficient validation of user-supplied input before it is used in a system call. Authentication is required for exploitation. This allows an attacker to execute code within the device's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, enabling an attacker to execute code within the device's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, enabling an attacker to execute code within the device's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, enabling an attacker to execute code within the device's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, enabling an attacker to execute code within the device's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, enabling an attacker to execute code within the device's context. This was identified as ZDI-CAN-28293. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the API interface of the ALGO 8180 IP Audio Alerter, allowing remote attackers to execute arbitrary code on affected devices. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, enabling an attacker to execute code within the device's context. This was identified as ZDI-CAN-28294. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the SCI module of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code on affected devices. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, enabling an attacker to execute code within the device's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the SAC module of the ALGO 8180 IP Audio Alerter, allowing remote attackers to execute arbitrary code. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, enabling an attacker to execute code within the device's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the ALGO 8180 IP Audio Alerter Web UI that allows remote attackers to execute web requests with a target user's privileges. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied data when viewing the syslog, enabling arbitrary script injection. An attacker can then interact with the application as the target user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter, allowing remote attackers to disclose sensitive information. Authentication is not required to exploit this issue. The vulnerability stems from improper handling of sensitive information, specifically the inclusion of the authentication cookie in the response body. An attacker can leverage this to disclose information related to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter, allowing remote attackers to disclose sensitive information without authentication. An attacker can access data by directly navigating to a specific URL. This vulnerability allows unauthorized access to information within the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the handling of the Replaces header within SIP INVITE requests. The issue stems from insufficient validation of the length of user-supplied data before copying it into a fixed-length stack-based buffer. This allows a remote attacker to execute arbitrary code on affected devices without authentication. The vulnerability is related to the `SIP INVITE` request and the `Replaces` header. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the handling of the Alert-Info header within SIP INVITE requests. The issue stems from insufficient validation of user-supplied data length before copying it into a fixed-length stack-based buffer. This allows a remote attacker to execute arbitrary code on affected devices without authentication. The vulnerable component is the processing of the `Alert-Info` header in the `SIP INVITE` request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A heap-based buffer overflow in the ALGO 8180 IP Audio Alerter can lead to remote code execution. This is a zero-day vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** The ALGO 8180 IP Audio Alerter contains a use-after-free condition in its implementation of the Session Initiation Protocol (SIP). This issue could allow for remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, enabling an attacker to execute code within the device's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALGO 8180 IP Audio Alerter (affected versions not specified) **Description** A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter, allowing remote attackers to execute arbitrary code on affected devices. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, enabling an attacker to execute code within the device's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.