Vulnerabilities > Datto > Alto XL Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-20 | CVE-2015-2081 | Improper Input Validation vulnerability in Datto products Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. | 9.8 |
| 2018-02-20 | CVE-2015-9254 | Use of Hard-coded Credentials vulnerability in Datto products Datto ALTO and SIRIS devices have a default VNC password. | 9.8 |