CVE-2015-0516

EMC ViPR SRM < 3.6.1 and Watch4Net < 6.5u1 - Authenticated Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-0516. PoCs published by Han Sahin.

AI-analyzed exploit summary The provided text describes a path traversal vulnerability (CVE-2015-0516) in EMC M&R (Watch4Net) and ViPR SRM, allowing authenticated attackers to read arbitrary files via the `fileFileName` parameter in the `/device-discovery/devicesource/downloadSeedFile` endpoint. No actual exploit code is included, only a technical description and example URL.

Description

Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.

Exploits (1)

exploitdb WRITEUP

by Han Sahin · textwebappsjava

https://www.exploit-db.com/exploits/36440

View Code ZIP pw:eip

The provided text describes a path traversal vulnerability (CVE-2015-0516) in EMC M&R (Watch4Net) and ViPR SRM, allowing authenticated attackers to read arbitrary files via the `fileFileName` parameter in the `/device-discovery/devicesource/downloadSeedFile` endpoint. No actual exploit code is included, only a technical description and example URL.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: EMC M&R (Watch4Net) < 6.5u1, EMC ViPR SRM < 3.6.1

Auth required

Prerequisites: Authenticated access to the target application · Network access to the vulnerable endpoint

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1031567

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/534929/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/72255

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html

Exploit x_refsource_misc

https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2015/Mar/116

Scores

EPSS 0.0741

EPSS Percentile 93.7%

Details

CWE

CWE-22

Status published

Products (2)

emc/vipr_srm < 3.6.0

emc/watch4net < 6.5

Published Jan 21, 2015

Tracked Since Feb 18, 2026