Aggregates CVE and security vulnerability intelligence across all airleader-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk denial of service, with potential vendor impact application crash across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-46612 | The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard. | [email protected] | 7.2 | 1.71% | 2025-06-10 | 2025-10-16 |
| CVE-2020-26510 | Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. | [email protected] | 9.8 | 1.14% | 2020-11-16 | 2024-11-21 |
| CVE-2020-26509 | Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. | [email protected] | 7.5 | 0.34% | 2020-11-16 | 2024-11-21 |