Datto: >> Siris 3 Firmware Security Vulnerabilities
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.
CVSS Score
9.8
EPSS Score
0.02
Published
2018-02-20
Datto ALTO and SIRIS devices have a default VNC password.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-02-20
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-02-20
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-02-20