cvedb.io
CVE-2018-15486
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2018-09-07T22:29:01.493 · Last modified 2026-06-17T01:42:36.863

Summary

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.

Affected products

kone — group_controller_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when kone ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.