Skip to main content

ATEN Unizon CVE-2026-9778

| EUVDEUVD-2026-39116 HIGH
Path Traversal (CWE-22)
2026-06-24 zdi GHSA-8584-g8g6-7rhx
7.2
CVSS 3.0 · Vendor: zdi
Share

Severity by source

Vendor (zdi) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.2 HIGH

ImportDeviceList requires a high-privilege authenticated session (PR:H) but is network-reachable with no user interaction; path traversal yields SYSTEM code execution, so C/I/A:H.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (zdi).

CVSS VectorVendor: zdi

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 24, 2026 - 22:25 vuln.today

DescriptionCVE.org

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the ImportDeviceList method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28579.

AnalysisAI

Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the ImportDeviceList method, where a user-supplied file path is used in file operations without proper validation. A high-privileged remote attacker can traverse outside intended directories to write or manipulate files and ultimately execute arbitrary code in the SYSTEM context, fully compromising the host. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privilege Unizon credentials
Delivery
Reach ImportDeviceList over network
Exploit
Submit crafted traversal path
Execution
Write file outside intended directory
Persist
Execute code as SYSTEM
Impact
Full host compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with high privileges (CVSS PR:H) on ATEN Unizon and the ability to invoke the ImportDeviceList method, supplying a malicious file path that the feature fails to validate before performing file operations. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.0 base score is 7.2 (High) with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, meaning network-reachable and low-complexity but gated behind high privileges (PR:H) - an attacker must already hold administrative/high-privilege access to Unizon, which substantially narrows the realistic threat to insiders or attackers who have already compromised privileged credentials. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or abused high-privilege Unizon credentials submits a crafted ImportDeviceList request containing a traversal path (e.g., '../') that points outside the intended import directory, causing the service to write attacker-controlled content to a sensitive location. The planted file is then executed in the SYSTEM context, giving the attacker full control of the Unizon host. …
Remediation Apply the fix described in the ATEN security advisory (https://www.aten.com/global/en/supportcenter/info/security-advisory/31/); patch available per vendor advisory, though an exact fixed version number was not present in the supplied data and should be confirmed directly from that advisory and ZDI-26-382 (https://www.zerodayinitiative.com/advisories/ZDI-26-382/). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all ATEN Unizon instances in production and non-production environments; disable or restrict remote access to the ImportDeviceList API and related administrative endpoints immediately. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9778 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy