CVE-2016-6601

HIGH NUCLEI

ZOHO WebNMS Framework <5.2-5.2 SP1 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-6601. PoCs published by Pedro Ribeiro, including Metasploit module auxiliary/admin/http/webnms_file_download. A Nuclei detection template is also available.

AI-analyzed exploit summary The document describes multiple vulnerabilities in WebNMS Framework Server 5.2 and 5.2 SP1, including directory traversal leading to RCE, file download via traversal, weak password obfuscation, and user impersonation. CVE-2016-6603 specifically covers user account impersonation via the 'UserName' HTTP header.

Description

Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

Exploits (2)

exploitdb WRITEUP
by Pedro Ribeiro · textwebappsjsp
https://www.exploit-db.com/exploits/40229

The document describes multiple vulnerabilities in WebNMS Framework Server 5.2 and 5.2 SP1, including directory traversal leading to RCE, file download via traversal, weak password obfuscation, and user impersonation. CVE-2016-6603 specifically covers user account impersonation via the 'UserName' HTTP header.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WebNMS Framework Server 5.2 and 5.2 SP1
No auth needed
Prerequisites: Network access to the WebNMS server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/webnms_file_download.rb

This Metasploit module exploits a directory traversal vulnerability in WebNMS Framework Server 5.2 to download arbitrary text files from the filesystem. It uses the FetchFile servlet to perform the traversal attack, with support for both known and brute-forced traversal paths.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WebNMS Framework Server 5.2 and 5.2 SP1
No auth needed
Prerequisites: Network access to the target server · WebNMS Framework Server with vulnerable FetchFile servlet exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
HIGHby 0x_Akoko

References (10)

Core 10
Core References
Exploit, Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Aug/54
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92402
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40229/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/539159/100/0/threaded
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://blogs.securiteam.com/index.php/archives/2712

Scores

CVSS v3 7.5
EPSS 0.9278
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
zohocorp/webnms_framework 5.2 (2 CPE variants)
Published Jan 23, 2017
Tracked Since Feb 18, 2026