CVE-2025-46612
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-10-16
Assigner: MITRE
Description
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| airleader | easy_firmware | up to 6.36 (excluding) |
| airleader | easy | * |
| airleader | master_ii+_firmware | up to 6.36 (excluding) |
| airleader | master_ii+ | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Panel Designer dashboard of Airleader Master and Easy devices before version 6.36. It allows an attacker who can log in to the administrator console (which uses weak default credentials) to upload a malicious JSP file via an unrestricted file upload feature. This uploaded JSP file acts as a web shell, enabling the attacker to execute arbitrary operating system commands remotely with the highest privileges, as the web server runs with elevated rights by default. [1]
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker to gain remote code execution on the affected device with system-level privileges. This can lead to full control over the device, unauthorized access to sensitive data, disruption of industrial control processes, and potentially using the compromised device as a foothold for further attacks within the network. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, first check if the device is running an affected version of Airleader Master or Easy before 6.36. Then, verify if the default weak credentials (username: airleader, password: airleader) are still in use by attempting to log in to the admin console at https://<device_ip>/admin/login.jsp?show=login. If access is granted, check for the presence of uploaded JSP shell files by accessing URLs like https://<device_ip>/wizard/images/panel/<shell_name>.jsp?pwd=test&cmd=whoami. Executing this command should return the user context (e.g., "nt authority\system") if the shell is present and active. These steps can be scripted or manually performed to confirm exploitation. [1]
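As an added example (not part of the BaseFortify record, the vendor's software or any published tooling), the following Python checks the two defender-side indicators the answer above points to: server pages sitting in the panel image directory on disk, and access-log requests for such pages. The web-root layout is assumed to mirror the URL path quoted above, the log format is assumed to be the common Apache/Tomcat access-log layout, and the sample log lines are constructed for the example.

```python
"""Defender-side indicator checks for the unrestricted JSP upload described
above. Added example, not part of the advisory or the vendor's code.
Assumptions: the web root mirrors the URL path quoted in the write-up, access
logs are in common log format, and every name below is our own."""
import re
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Directory the write-up names as the location of uploaded files (from the page).
PANEL_IMAGE_DIR = "/wizard/images/panel/"
# An image directory should never contain executable server pages.
SERVER_PAGE_SUFFIXES = (".jsp", ".jspx")
# Query keys the write-up shows on a planted shell; treated as a strong indicator.
SHELL_QUERY_KEYS = {"cmd", "pwd"}

# Common log format (assumed layout): client, ident, user, [time], "request", status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def unexpected_server_pages(relative_paths):
    """Return web-root-relative paths that are server pages inside the image
    upload directory. Accepts '/' or '\\' separators; suffix match is
    case-insensitive so 'shell.JSP' is not missed."""
    hits = []
    for rel in relative_paths:
        norm = "/" + rel.replace("\\", "/").lstrip("/")
        if norm.startswith(PANEL_IMAGE_DIR) and norm.lower().endswith(SERVER_PAGE_SUFFIXES):
            hits.append(norm)
    return sorted(hits)


def scan_webroot(webroot):
    """Walk a real web root on disk and apply unexpected_server_pages to it."""
    root = Path(webroot)
    rels = (str(p.relative_to(root)) for p in root.rglob("*") if p.is_file())
    return unexpected_server_pages(rels)


def flag_log_line(line):
    """Classify one access-log line. Returns a dict describing the hit, or
    None for unparseable lines and ordinary traffic."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = parts.path
    if not (path.startswith(PANEL_IMAGE_DIR) and path.lower().endswith(SERVER_PAGE_SUFFIXES)):
        return None
    reasons = ["server page requested from image upload directory"]
    if SHELL_QUERY_KEYS & set(parse_qs(parts.query)):
        reasons.append("shell-style query parameters")
    if m.group("status") == "200":
        # A 200 means the page exists and was executed; a 404 is only a probe.
        reasons.append("server answered 200: page exists and executed")
    return {"client": m.group("client"), "time": m.group("ts"),
            "path": path, "reasons": reasons}


def scan_log(lines):
    """Run flag_log_line over an iterable of log lines and keep the hits."""
    return [hit for hit in (flag_log_line(line) for line in lines) if hit]


# Constructed sample log lines; not captured from a real device.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jun/2025:12:00:01 +0000] "GET /wizard/images/panel/logo.png HTTP/1.1" 200 5120',
    '10.0.0.9 - - [10/Jun/2025:12:00:07 +0000] "GET /wizard/images/panel/image.jsp?pwd=test&cmd=whoami HTTP/1.1" 200 48',
    '10.0.0.9 - - [10/Jun/2025:12:00:09 +0000] "GET /admin/login.jsp?show=login HTTP/1.1" 200 2048',
    '10.0.0.7 - - [10/Jun/2025:12:01:30 +0000] "GET /wizard/images/panel/old.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["client"], hit["path"], "; ".join(hit["reasons"]))
```

Run `scan_webroot("/path/to/webroot")` against the device's actual document root (an assumed location; the page does not state where the web application is installed) and feed real access-log lines to `scan_log`. Legitimate traffic to the image directory only ever requests image files, so any hit deserves a look; a 404 hit with no query string is a probe worth correlating with the login log, while a 200 hit with `cmd`/`pwd` parameters indicates an active shell and should trigger incident response and the version upgrade described below.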
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Airleader Master or Easy software to version 6.36 or later, where the vulnerability is fixed. Additionally, change the default weak administrator credentials to strong, unique passwords to prevent unauthorized access. Restrict access to the admin console to trusted networks and monitor for any suspicious file uploads or unexpected JSP files in the web interface directories. [1]