CVE-2026-9777
Analyzed Analyzed - Analysis Complete

ATEN Unizon Directory Traversal Remote Code Execution

Vulnerability report for CVE-2026-9777, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-06-27

Assigner: Zero Day Initiative

Description

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the restoreDB method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28578.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-06-27
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
aten unizon to 2.7.264 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the ATEN Unizon software, specifically in the restoreDB method. It is a directory traversal flaw that allows an authenticated remote attacker to execute arbitrary code on the affected system. The root cause is the lack of proper validation of a user-supplied path before it is used in file operations, which can be exploited to run code with SYSTEM-level privileges.

Impact Analysis

If exploited, this vulnerability allows an attacker with authentication to execute arbitrary code on the affected system with SYSTEM privileges. This can lead to full control over the system, including the ability to modify, delete, or steal data, disrupt services, or use the system as a foothold for further attacks.

Mitigation Strategies

To mitigate the CVE-2026-9777 vulnerability, you should immediately apply the security update released by ATEN International.

  • Update ATEN Unizon software to version FW V2.7.264.001 or later.
  • Follow the guidance provided in ATEN's security advisory (2026-SA-5) for vulnerability management and resolution.

These steps address the directory traversal and remote code execution flaw in the restoreDB method by ensuring proper validation of user-supplied paths.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability affects the ATEN Unizon software's restoreDB method, specifically the `/rest/system/database/restore` endpoint. Detection involves monitoring for unauthorized or suspicious access attempts to this endpoint, especially those involving directory traversal patterns in file upload requests.

Since authentication is required to exploit this vulnerability, detection should focus on authenticated sessions attempting to upload files with path traversal sequences (e.g., '../') or unusual filenames.

Network detection can include inspecting HTTP requests to the vulnerable endpoint for directory traversal payloads.

Suggested commands for detection might include using tools like curl or wget to simulate requests, or using grep to search logs for suspicious patterns. For example:

  • grep -r '/rest/system/database/restore' /var/log/httpd/ or /var/log/nginx/ to find access attempts to the vulnerable endpoint.
  • grep -r '\.\./' /var/log/httpd/ or /var/log/nginx/ to detect directory traversal attempts in logs.
  • Use curl to test the endpoint with a crafted payload (authentication required): curl -X POST -u user:password -F 'file=@../../../../etc/passwd' https://target/rest/system/database/restore

Note that these commands require appropriate access and credentials, and testing should be done in a controlled environment.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9777. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart