彙總 datto 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 路徑處理缺陷與輸入驗證問題 相關,可能在 生產負載與軟體部署 場景中帶來 檔案覆寫與異常行為 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2015-9256 | Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. | [email protected] | 5.3 | 0.24% | 2018-02-20 | 2024-11-21 |
| CVE-2015-9255 | Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. | [email protected] | 5.3 | 0.23% | 2018-02-20 | 2024-11-21 |
| CVE-2015-9254 | Datto ALTO and SIRIS devices have a default VNC password. | [email protected] | 9.8 | 0.34% | 2018-02-20 | 2024-11-21 |
| CVE-2015-2081 | Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. | [email protected] | 9.8 | 1.90% | 2018-02-20 | 2024-11-21 |
| CVE-2017-16674 | Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA | [email protected] | 8.0 | 0.21% | 2017-11-09 | 2026-05-13 |
| CVE-2017-16673 | Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto." | [email protected] | 5.3 | 0.09% | 2017-11-09 | 2026-05-13 |