CVE-2018-15486
Summary
| CVE | CVE-2018-15486 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-09-07 22:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02. |
Risk And Classification
Problem Types: CWE-829
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Kone | Group Controller | - | All | All | All |
| Hardware | Kone | Group Controller | - | All | All | All |
| Operating System | Kone | Group Controller Firmware | All | All | All | All |
| Operating System | Kone | Group Controller Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security vulnerability list | CONFIRM | www.kone.com | Vendor Advisory |
| KONE KGC 4.6.4 DoS / Code Execution / LFI / Bypass ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.