VYPR
Vendor

Airleader

Products
5
CVEs
4
Across products
8
Status
Private

Products

5

Recent CVEs

4
  • CVE-2026-1358CriFeb 12, 2026
    risk 0.64cvss 9.8epss 0.01

    Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.

  • CVE-2020-26510CriNov 16, 2020
    risk 0.64cvss 9.8epss 0.02

    Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.

  • CVE-2020-26509HigNov 16, 2020
    risk 0.49cvss 7.5epss 0.01

    Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.

  • CVE-2025-46612HigJun 10, 2025
    risk 0.47cvss 7.2epss 0.01

    The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak…