VYPR

Master

by Airleader

CVEs (3)

  • CVE-2026-1358CriFeb 12, 2026
    risk 0.64cvss 9.8epss 0.01

    Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.

  • CVE-2020-26510CriNov 16, 2020
    risk 0.64cvss 9.8epss 0.02

    Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.

  • CVE-2025-46612HigJun 10, 2025
    risk 0.47cvss 7.2epss 0.01

    The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak…