Vulnerability Description
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Airleader | Airleader Master Control | <= 6.21 |
| Airleader | Airleader Easy | - |
| Airleader | Airleader Master | - |
Related Weaknesses (CWE)
References
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-033.tVendor Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-033.tVendor Advisory
FAQ
What is CVE-2020-26510?
CVE-2020-26510 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
How severe is CVE-2020-26510?
CVE-2020-26510 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-26510?
Check the references section above for vendor advisories and patch information. Affected products include: Airleader Airleader Master Control, Airleader Airleader Easy, Airleader Airleader Master.