ALGO IP Speakers & more with hardcoded passwords

ALGO IP Speakers & more with hardcoded passwords
A lot of Algo IoT Devices with hardcoded passwords are exposed on the internet!

"IP Speakers, Displays, Intercoms, Paging Adapters, and Visual Alerters.
Delivering optimal performance, reliability, and durability, 
Algo endpoints are designed for seamless compatibility with leading unified communication and mass notification platforms."
-algosolutions.com

Messing around on the internet months ago looking for texts similar to "Default password"
I discovered many results of IoT Algo products (mostly IP speakers) with the default password algo,
all the results have the following icon hash, -1024590169
There's not much to say, let's find this with FOFA.

[*] fofa_results.png


As you can see, there are more than 2k results vulnerable, but actually only an undefined subset of these allow algo as the default password.

[*] algo_login.png


Once you log in you will have control of the entire product, I think it will be fun to play a Rick Astley song.

[*] algo_audioplayer.png