CVE-2018-15484

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:kone:group_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kone:group_controller:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:50

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html - Third Party Advisory, VDB Entry
References () https://www.kone.com/en/vulnerability.aspx - Vendor Advisory () https://www.kone.com/en/vulnerability.aspx - Vendor Advisory

Information

Published : 2018-09-07 22:29

Updated : 2024-11-21 03:50


NVD link : CVE-2018-15484

Mitre link : CVE-2018-15484

CVE.ORG link : CVE-2018-15484


JSON object : View

Products Affected

kone

  • group_controller
  • group_controller_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')