Security Advisory

Cybersecurity

As IoT adoption continues to proliferate, cybersecurity has become one of the top priorities. Aten created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Aten's customers have steady, unambiguous resources to help them understand how Aten resolves or mitigates reported vulnerabilities.

Vulnerability Overview

2026-SA-2

ZDI-CAN-28502: ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability exists in the `/rest/system/license` endpoint handler within the `LicenseController.updateLicense()` method. The application fails to properly validate user-controlled filenames during license file uploads,allowing authenticated administrators to perform directory traversal attacks that result in arbitrary file deletion with NT\SYSTEM privileges.

Solution:
ATEN has released a security update to address this vulnerability.
Fixed version: FW V2.7.264.001

Release Date: 2026/04/15

Tech Assistance

	FAQ
	Discontinued Products
	Subscribe RSS

Latest Server Room Solutions Guide is Now Available

Remote Monitoring for Mobile Testing Carts

In-Depth Product Insights

ATEN Pro Audio Series

Optimize Data Center Sustainability with ATEN PG Series eco PDUs

Podcast AI Audio Mixer - MicLIVE (UC8000) by ATEN!

ATEN ACS Online Training

ATEN FAQ Video Channel

Security Advisory

Cybersecurity

Vulnerability Overview

2026-SA-2

Tech Assistance

Where to buy

Security Advisory

Cybersecurity

Vulnerability Overview

2026-SA-2

Tech Assistance

Where to buy

Your Privacy Choices