Unvalidated POST Request Vulnerability in Locus Energy LGate

Unvalidated POST Request Vulnerability in Locus Energy LGate

CVE-2016-5782 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request.

Learn more about our Network Penetration Testing.