N/A

Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto."

N/A

N/A

Datto Backup Agent 安全漏洞

Datto Backup Agent是美国Datto公司的一套数据备份代理软件。 Datto Backup Agent 1.0.6.0及之前的版本中存在安全漏洞，该漏洞源于程序没有对连接执行身份验证。攻击者可利用该漏洞冒充Datto Backup Appliance与代理进行配对，并向代理发送请求。

N/A

N/A