CVE-2016-6602

CRITICAL

ZOHO WebNMS Framework 5.2-5.2 SP1 - Info Disclosure


Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-6602. PoCs published by Pedro Ribeiro, including Metasploit module auxiliary/admin/http/webnms_cred_disclosure.

AI-analyzed exploit summary: The document describes multiple vulnerabilities in WebNMS Framework Server 5.2 and 5.2 SP1, including directory traversal leading to RCE, file download via traversal, weak password obfuscation, and user impersonation. CVE-2016-6603 specifically covers user account impersonation via the 'UserName' HTTP header.

Description

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.

Exploits (2)

exploitdb WRITEUP
by Pedro Ribeiro · text · webapps · jsp
https://www.exploit-db.com/exploits/40229

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WebNMS Framework Server 5.2 and 5.2 SP1
No auth needed
Prerequisites: Network access to the WebNMS server
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/webnms_cred_disclosure.rb

This Metasploit module exploits two vulnerabilities in WebNMS Framework Server 5.2: an unauthenticated file download via the FetchFile servlet to retrieve 'conf/securitydbData.xml', and a weak obfuscation algorithm to reverse-engineer plaintext credentials. It extracts and displays usernames and passwords.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: WebNMS Framework Server 5.2 and 5.2 SP1
No auth needed
Prerequisites: Network access to the target server · WebNMS Framework Server 5.2 or 5.2 SP1 running on port 9090
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Exploit, Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Aug/54
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92402
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40229/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/539159/100/0/threaded
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://blogs.securiteam.com/index.php/archives/2712

Scores

CVSS v3 9.8
EPSS 0.4777
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-327
Status: published
Products (1): zohocorp/webnms_framework 5.2 (2 CPE variants)
Published: Jan 23, 2017
Tracked Since: Feb 18, 2026