CVE Catalog

CVE-2026-9778

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.48%

71th percentile — higher than 71% of all known CVEs

Summary

A directory traversal vulnerability in the ImportDeviceList method of ATEN Unizon allows remote code execution. The issue stems from improper validation of a user-supplied path before using it in file operations. Authentication is required for exploitation.

Risk Assessment

An attacker can gain full system control in the SYSTEM context, leading to infrastructure compromise and potential access to sensitive data.

Recommendation

Apply the vendor-supplied update immediately and restrict administrative interface access to trusted users only.

Original NVD description (English source)

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportDeviceList method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28579.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS