CVE-2016-5782
HIGHLocus Energy LGate < 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, LGate 320 - Improper Input Validation
Title source: llmDescription
An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94782
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94698
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0
Scores
CVSS v3
8.6
EPSS
0.0207
EPSS Percentile
79.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Details
CWE
CWE-20
Status
published
Products (2)
locusenergy/lgate_firmware
n/a/Locus Energy LGate through 320
Locus Energy LGate through 320
Published
Feb 13, 2017
Tracked Since
Feb 18, 2026