Airleader Master
Summary
A remote code execution vulnerability exists in Airleader Master versions 6.381 and prior due to unrestricted file upload, potentially affecting multiple critical infrastructure sectors. An unauthenticated user could exploit this vulnerability to execute arbitrary code on the server. Upgrade to version 6.386 or later is recommended.
IFF Assessment
The vulnerability allows for remote code execution, which is harmful to defenders.
Severity
Defender Context
This vulnerability highlights the risk of unrestricted file uploads in industrial control systems (ICS). Defenders should ensure their ICS software is up-to-date and implement strict input validation and access controls to mitigate the risk of exploitation. Monitor network traffic for unusual file uploads and consider application whitelisting to prevent execution of unauthorized code.