KONE Group Controller (KGC) Devices Unauthenticated Local File Inclusion and File Modification Vulnerability

CVE-2018-15486 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated local file inclusion and file modification are possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.
