Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ImportDeviceList requires a high-privilege authenticated session (PR:H) but is network-reachable with no user interaction; path traversal yields SYSTEM code execution, so C/I/A:H.
Primary rating from Vendor (zdi).
CVSS VectorVendor: zdi
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the ImportDeviceList method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28579.
AnalysisAI
Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the ImportDeviceList method, where a user-supplied file path is used in file operations without proper validation. A high-privileged remote attacker can traverse outside intended directories to write or manipulate files and ultimately execute arbitrary code in the SYSTEM context, fully compromising the host. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session with high privileges (CVSS PR:H) on ATEN Unizon and the ability to invoke the ImportDeviceList method, supplying a malicious file path that the feature fails to validate before performing file operations. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.0 base score is 7.2 (High) with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, meaning network-reachable and low-complexity but gated behind high privileges (PR:H) - an attacker must already hold administrative/high-privilege access to Unizon, which substantially narrows the realistic threat to insiders or attackers who have already compromised privileged credentials. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained or abused high-privilege Unizon credentials submits a crafted ImportDeviceList request containing a traversal path (e.g., '../') that points outside the intended import directory, causing the service to write attacker-controlled content to a sensitive location. The planted file is then executed in the SYSTEM context, giving the attacker full control of the Unizon host. … |
| Remediation | Apply the fix described in the ATEN security advisory (https://www.aten.com/global/en/supportcenter/info/security-advisory/31/); patch available per vendor advisory, though an exact fixed version number was not present in the supplied data and should be confirmed directly from that advisory and ZDI-26-382 (https://www.zerodayinitiative.com/advisories/ZDI-26-382/). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all ATEN Unizon instances in production and non-production environments; disable or restrict remote access to the ImportDeviceList API and related administrative endpoints immediately. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Unauthenticated information disclosure in ATEN Unizon allows remote attackers to read arbitrary files from affected inst
Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the restoreDB method, where
Authenticated remote code execution in ATEN Unizon stems from a broken cryptographic signature check in the updateWar me
Arbitrary file deletion via directory traversal in ATEN Unizon's uploadSSL method allows authenticated remote attackers
Arbitrary file deletion in ATEN Unizon exposes all installations to destructive denial-of-service attacks via a path tra
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39116
GHSA-8584-g8g6-7rhx