← Back

Airleader

airleader

3 CVEs • 7 products

Products (7)

Click to collapse
Toggle
Airleader Master Control
airleader_master_control
2 CVEs
Easy Firmware
easy_firmware
1 CVE
Master Ii+ Firmware
master_ii+_firmware
1 CVE
Airleader Easy
airleader_easy
0 CVEs
Airleader Master
airleader_master
0 CVEs
Easy
easy
0 CVEs
Master Ii+
master_ii+
0 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-46612
1Airleader
2Easy Firmware
Master Ii+ Firmware
Oct 16, 2025
Jun 10, 2025
N/A· v4
7.2 HIGH· v3
N/A· v2
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to...Show more
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.Show less
CVE-2020-26510
1Airleader
1Airleader Master Control
Nov 21, 2024
Nov 16, 2020
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
CVE-2020-26509
1Airleader
1Airleader Master Control
Nov 21, 2024
Nov 16, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.