Security Advisory
Cybersecurity
As IoT adoption continues to proliferate, cybersecurity has become one of the top priorities. Aten created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Aten's customers have steady, unambiguous resources to help them understand how Aten resolves or mitigates reported vulnerabilities.
CVE-2025-6685
ZDI-CAN-26647: eco DC Missing Authorization Privilege Escalation Vulnerability
A vulnerability has been discovered in ATEN eco DC firmware versions prior to V1.2.116 that could allow malicious users to bypass authorization restrictions on multiple endpoints.
Solution:
Aten has developed firmware V1.2.116 (FW:V1.2.116) to patch the security vulnerability. The solutions for the affected products are as follows.
View Security Advisory on Aten Website
Acknowledgment:
We'd like to thank Vu Khanh Trinh (@_Sonicrr) from VNPT Cyber Immunity, in collaboration with the Trend Zero Initiative, for reporting the vulnerability and helping us improve our product’s security.
Release Date: 2025/07/02
Vulnerability Scoring Details:
The vulnerability scores and vectors are listed below.
Severity | CVSS Score | Vector |
---|---|---|
High | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |