CVE-2022-50909 HIGH

CVE-2022-50909: Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)

Vendor Algo Solutions

Product Algo 8028

Weakness CWE-78

Published January 13, 2026

Last update January 14, 2026

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges, enabling remote code execution through a crafted POST request.

Key dates

02Disclosure timeline

January 13, 2026 CVE published

January 14, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-50909

Related vulnerabilities

CVE-2022-50909: Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)

01Description

02Disclosure timeline

03References

04Related CVE