CVE-2020-26510
CRITICALAirleader Master <= 6.21 - Unauthenticated Remote Code Execution via Default Credentials
Title source: llmDescription
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-033.txt
Scores
CVSS v3
9.8
EPSS
0.0211
EPSS Percentile
79.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-1188
Status
published
Products (1)
airleader/airleader_master_control
< 6.21
Published
Nov 16, 2020
Tracked Since
Feb 18, 2026