5 matches found
EUVD-2017-7858
Malware in sbrugna...
Command injection
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent DWA 1.0.5.0 and earlier...
CVE-2017-16674
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent DWA 1.0.5.0 and earlier...
CVE-2017-16673
Datto Backup Agent (versions 1.0.6.0 and earlier) is vulnerable due to lack of authentication for incoming connections, allowing an attacker who can reach the agent on TCP ports 25566 or 25568 to impersonate a Datto Backup Appliance and issue requests. The issue is described across multiple sourc...
CVE-2017-16674
Datto Windows Agent (DWA) versions 1.0.5.0 and earlier are vulnerable to unauthenticated remote command execution when an attacker combines a modified primary/secondary command with the CVE-2017-16673 rogue pairing attack. The issue affects DWA by allowing an attacker to gain unauthenticated acce...