CVE-2026-9778
HighCVSS 7.2Exploitation Probability (EPSS)
Elevated risk71th percentile — higher than 71% of all known CVEs
Summary
A directory traversal vulnerability in the ImportDeviceList method of ATEN Unizon allows remote code execution. The issue stems from improper validation of a user-supplied path before using it in file operations. Authentication is required for exploitation.
Risk Assessment
An attacker can gain full system control in the SYSTEM context, leading to infrastructure compromise and potential access to sensitive data.
Recommendation
Apply the vendor-supplied update immediately and restrict administrative interface access to trusted users only.
Original NVD description (English source)
ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportDeviceList method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28579.

