4 known vulnerabilities · sorted by CVSS score
Datto ALTO and SIRIS devices have a default VNC password.
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.