Vulnerability Details CVE-2018-15486
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.8%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
Products affected by CVE-2018-15486
-
cpe:2.3:h:kone:group_controller:-
-
cpe:2.3:o:kone:group_controller_firmware:-