Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1358 | 1 Airleader | 1 Airleader Master | 2026-02-17 | 9.8 Critical |
| Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server. | ||||
| CVE-2025-46612 | 1 Airleader | 4 Easy, Easy Firmware, Master Ii\+ and 1 more | 2025-10-16 | 7.2 High |
| The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard. | ||||
| CVE-2020-26510 | 1 Airleader | 3 Airleader Easy, Airleader Master, Airleader Master Control | 2024-11-21 | 9.8 Critical |
| Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. | ||||
| CVE-2020-26509 | 1 Airleader | 3 Airleader Easy, Airleader Master, Airleader Master Control | 2024-11-21 | 7.5 High |
| Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. | ||||
Page 1 of 1.