Security Advisory

Cybersecurity

As IoT adoption continues to proliferate, cybersecurity has become one of the top priorities. Aten created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Aten's customers have steady, unambiguous resources to help them understand how Aten resolves or mitigates reported vulnerabilities.

Vulnerability Overview

2026-SA-7

ZDI-CAN-28590: ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
The end point rest/system/information accepts an encrypted WAR file for updating the ATEN Unizon application. However, the application uses a hard-coded secret to encrypt the payload, allowing attackers with high privileges to encrypt a malicious package and use it to update the system. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.

Solution:
ATEN has released a security update to address this vulnerability.
Fixed version: FW V2.7.264.001

Release Date: 2026/04/15

Tech Assistance

	FAQ
	Discontinued Products
	Subscribe RSS

Latest Server Room Solutions Guide is Now Available

Remote Monitoring for Mobile Testing Carts

In-Depth Product Insights

ATEN Pro Audio Series

Optimize Data Center Sustainability with ATEN PG Series eco PDUs

Podcast AI Audio Mixer - MicLIVE (UC8000) by ATEN!

ATEN ACS Online Training

ATEN FAQ Video Channel

Security Advisory

Cybersecurity

Vulnerability Overview

2026-SA-7

Tech Assistance

Where to buy

Security Advisory

Cybersecurity

Vulnerability Overview

2026-SA-7

Tech Assistance

Where to buy

Your Privacy Choices