Security Advisory
Cybersecurity
As IoT adoption continues to proliferate, cybersecurity has become one of the top priorities. Aten created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Aten's customers have steady, unambiguous resources to help them understand how Aten resolves or mitigates reported vulnerabilities.
2026-SA-1
ZDI-CAN-29041: Unizon Service Unauthenticated RPC Interface Denial-of-Service Vulnerability
A vulnerability has been discovered in Unizon Service versions prior to V2.7.262 that exposes an unauthenticated RPC interface on TCP port 1829. The affected service relies on Java ObjectInputStream for object deserialization without enforcing authentication controls. By sending specially crafted requests to the RPC service, a remote unauthenticated attacker may cause the service to repeatedly restart, resulting in a denial-of-service condition.
Solution:
This issue has been resolved in V2.7.263.001. Users are strongly advised to upgrade to this fixed version, which addresses the vulnerability and eliminates the denial-of-service risk.

In the meantime, users can mitigate the issue by:

- Restricting network access to the affected RPC service, limiting exposure of TCP port 1829 to trusted hosts only.
- Disabling the service if it is not required until the upgrade to the fixed version can be performed.
Upgrading to V2.7.263.001 will fully resolve the vulnerability.
Release Date: 2026/03/16
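To track the upgrade and the interim port restriction across a fleet, the following added example (not ATEN code) triages an inventory of Unizon hosts by installed version and by whether TCP port 1829 accepts connections from the auditing machine. The inventory format, function names and action labels are assumptions made for illustration, and any version below V2.7.263.001 is conservatively treated as needing the upgrade.

```python
import re
import socket

RPC_PORT = 1829            # RPC port named in the advisory
FIXED = (2, 7, 263, 1)     # V2.7.263.001, the fixed release

def parse_version(text):
    """Turn 'V2.7.263.001' into (2, 7, 263, 1); raise ValueError if malformed."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def needs_upgrade(version_text):
    """True for anything older than the fixed release (conservative assumption)."""
    return parse_version(version_text) < FIXED

def tcp_reachable(host, port=RPC_PORT, timeout=1.0):
    """True if a TCP connection from this vantage point is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name resolution failure
        return False

def triage(inventory, probe=tcp_reachable):
    """Map each host to an action based on installed version and port exposure."""
    report = {}
    for host, version in inventory.items():
        try:
            outdated = needs_upgrade(version)
        except ValueError:
            report[host] = "check version manually"
            continue
        exposed = probe(host)
        if outdated and exposed:
            report[host] = "upgrade and restrict port now"
        elif outdated:
            report[host] = "upgrade (port filtered from here)"
        elif exposed:
            report[host] = "fixed; port still reachable"
        else:
            report[host] = "ok"
    return report

if __name__ == "__main__":
    # Constructed inventory: documentation-range addresses, made-up versions.
    sample = {"192.0.2.10": "V2.7.250", "192.0.2.11": "V2.7.263.001"}
    for host, action in triage(sample).items():
        print(host, action)
```

Run it from a network segment that should not be trusted to reach the service; a host reported as reachable from there still needs its access rules tightened.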
