Vulnerabilities > Datto
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-20 | CVE-2015-9256 | Information Exposure vulnerability in Datto products Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. | 5.0 |
| 2018-02-20 | CVE-2015-9255 | Information Exposure vulnerability in Datto products Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. | 5.0 |
| 2018-02-20 | CVE-2015-9254 | Use of Hard-coded Credentials vulnerability in Datto products Datto ALTO and SIRIS devices have a default VNC password. | 7.5 |
| 2018-02-20 | CVE-2015-2081 | Improper Input Validation vulnerability in Datto products Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. | 7.5 |
| 2017-11-09 | CVE-2017-16674 | Unspecified vulnerability in Datto Windows Agent 1.0.5.0 Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. | 4.9 |
| 2017-11-09 | CVE-2017-16673 | Information Exposure vulnerability in Datto Backup Agent 1.0.6.0 Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. | 2.9 |