CVE-2018-15486
CRITICAL
KONE Group Controller <4.6.5 - Local File Inclusion
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://www.kone.com/en/vulnerability.aspx
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html
Scores
CVSS v3
9.1
EPSS
0.0206
EPSS Percentile
78.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-829
Status
published
Products (1)
kone/group_controller_firmware
< 4.6.5
Published
Sep 07, 2018
Tracked Since
Feb 18, 2026