Airleader
Products 5
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1358 | | Cri | 0.64 | 9.8 | 0.01 | | Feb 12, 2026 | Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server. |
| CVE-2020-26510 | | Cri | 0.64 | 9.8 | 0.02 | | Nov 16, 2020 | Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. |
| CVE-2020-26509 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 16, 2020 | Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. |
| CVE-2025-46612 | | Hig | 0.47 | 7.2 | 0.01 | | Jun 10, 2025 | The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak… |