Security Advisory

Cybersecurity

As IoT adoption continues to proliferate, cybersecurity has become one of the top priorities. Aten created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Aten's customers have steady, unambiguous resources to help them understand how Aten resolves or mitigates reported vulnerabilities.

Vulnerability Overview

2026-SA-6

ZDI-CAN-28579: ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability
The vulnerability exists in the `/rest/devices/csv` endpoint, which is designed to allow authenticated administrators to import device lists via CSV file upload. The issue stems from improper handling of user-controlled filenames in the file upload process.

Solution:
ATEN has released a security update to address this vulnerability.
Fixed version: FW V2.7.264.001

Release Date: 2026/04/15

Tech Assistance

	FAQ
	Discontinued Products
	Subscribe RSS

Latest Server Room Solutions Guide is Now Available

Remote Monitoring for Mobile Testing Carts

In-Depth Product Insights

ATEN Pro Audio Series

Optimize Data Center Sustainability with ATEN PG Series eco PDUs

Podcast AI Audio Mixer - MicLIVE (UC8000) by ATEN!

ATEN ACS Online Training

ATEN FAQ Video Channel

Security Advisory

Cybersecurity

Vulnerability Overview

2026-SA-6

Tech Assistance

Where to buy

Security Advisory

Cybersecurity

Vulnerability Overview

2026-SA-6

Tech Assistance

Where to buy

Your Privacy Choices