CVE-2015-9256
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
Date published : 2018-02-20
http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html