CVE-2018-15485

CVE-2018-15485 – KONE Group Controller (KGC) affects KGC devices before 4.6.5. The issue is that the FTP service does not require authentication or authorization, allowing unauthenticated access. According to NVD, this yields a high-impact potential for confidentiality and integrity (CVSS3: Criti...

CVE-2018-15484

The CVE-2018-15484 entry affects KONE Group Controller (KGC) devices prior to 4.6.5. The issue allows unauthenticated remote code execution via the open HTTP interface by modifying autoexec.bat (aka KONE-01). Impact is high: attacker can achieve remote code execution with network access and no pr...

CVE-2018-15486

The CVE-2018-15486 entry concerns KONE Group Controller (KGC) devices prior to version 4.6.5. The vulnerability enables Una uthenticated Local File Inclusion and file modification via the open HTTP interface by altering the name parameter of the file endpoint (aka KONE-02). This could impact conf...

CVE-2018-15483

CVE-2018-15483 affects KONE Group Controller (KGC) devices prior to 4.6.5. The issue enables Denial of Service via the open HTTP interface (KONE-04). Descriptions in connected sources confirm affected product/class and the vulnerability class, but there is no explicit remediation or in‑the‑wild e...