Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.
9.8CVSS
9.8AI Score
0.008EPSS
9.8CVSS
9.4AI Score
0.002EPSS
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.
5.3CVSS
5.1AI Score
0.002EPSS
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
5.3CVSS
5.2AI Score
0.002EPSS