Vulnerabilities > Datto > Alto 2 Firmware

DATE CVE VULNERABILITY TITLE RISK
2018-02-20 CVE-2015-9256 Information Exposure vulnerability in Datto products
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
network
low complexity
datto CWE-200
5.3
2018-02-20 CVE-2015-9255 Information Exposure vulnerability in Datto products
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.
network
low complexity
datto CWE-200
5.3
2018-02-20 CVE-2015-9254 Use of Hard-coded Credentials vulnerability in Datto products
Datto ALTO and SIRIS devices have a default VNC password.
network
low complexity
datto CWE-798
critical
9.8
2018-02-20 CVE-2015-2081 Improper Input Validation vulnerability in Datto products
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.
network
low complexity
datto CWE-20
critical
9.8