cvedb.io
CVE-2025-46612
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2025-06-10T15:15:25.027 · Last modified 2026-06-17T09:26:42.643

Summary

The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.

Affected products

airleader — easy_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when airleader ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.