Vulnerabilities > Datto > Siris 3 X ALL Flash Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-20 | CVE-2015-9256 | Information Exposure vulnerability in Datto products Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. | 5.3 |
| 2018-02-20 | CVE-2015-9255 | Information Exposure vulnerability in Datto products Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. | 5.3 |
| 2018-02-20 | CVE-2015-9254 | Use of Hard-coded Credentials vulnerability in Datto products Datto ALTO and SIRIS devices have a default VNC password. | 9.8 |
| 2018-02-20 | CVE-2015-2081 | Improper Input Validation vulnerability in Datto products Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. | 9.8 |