EUVD-2016-6717

Malware in sbrugna...

CVE-2016-5782

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information...

Cross site request forgery (csrf)

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information...

CVE-2016-5782

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information...

CVE-2016-5782

The CVE affects Locus Energy LGate devices (LGate firmware prior to 1.05H and models 50, 100, 101, 120, 320). The root cause is improper validation of POST data in the PHP-based web interface, enabling command injection via the LGate web server. Impact: remote, unauthenticated attackers could exe...

Multiple Locus Energy LGate Products OS Command Injection Vulnerabilities

Locus Energy LGate is a web-based data collection system from Locus Energy, Inc. An input validation vulnerability exists in multiple Locus Energy LGate products, which allows remote attackers to submit a special request, inject and execute arbitrary commands...

Some Solar Power Meters are Vulnerable to Command Injection Attacks

Solar software and analytics firm Locus Energy has pushed out a patch to its residential and commercial power meters to address a vulnerability that could allow hackers to access equipment and remotely execute code. According to independent security researcher Daniel Reich, who privately disclose...