Infoblox Netmri vulnerabilities
11 known vulnerabilities affecting infoblox/netmri.
Total CVEs
11
CISA KEV
0
Public exploits
4
Exploited in wild
3
Severity breakdown
CRITICAL3HIGH3MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2025-32814P1CRITICALCVSS 9.8ExploitedPoCfixed in 7.6.12025-05-22
CVE-2025-32814 [CRITICAL] CWE-89 CVE-2025-32814: An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.
An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.
nvd
CVE-2025-32813P1HIGHCVSS 7.2ExploitedPoCfixed in 7.6.12025-05-22
CVE-2025-32813 [HIGH] CWE-77 CVE-2025-32813: An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection ca
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.
nvd
CVE-2025-32815P1MEDIUMCVSS 6.5ExploitedPoCfixed in 7.6.12025-05-22
CVE-2025-32815 [MEDIUM] CWE-287 CVE-2025-32815: An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded crede
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.
nvd
CVE-2014-3418P2CRITICALCVSS 10.0PoC≤ 6.8.4v6.0.2.42+4 more2014-07-15
CVE-2014-3418 [CRITICAL] CWE-78 CVE-2014-3418: config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitr
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
nvd
CVE-2015-2033P2CRITICALCVSS 10.0≤ 6.8.2.112015-02-20
CVE-2015-2033 [CRITICAL] CWE-287 CVE-2015-2033: Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to
Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request.
nvd
CVE-2024-52874P2HIGHCVSS 8.8fixed in 7.6.12025-05-22
CVE-2024-52874 [HIGH] CWE-89 CVE-2024-52874: In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.
In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.
nvd
CVE-2024-54188P3MEDIUMCVSS 5.3fixed in 7.6.12025-05-22
CVE-2024-54188 [MEDIUM] CWE-200 CVE-2024-54188: Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitra
Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.
nvd
CVE-2014-3419P4HIGHCVSS 7.2≤ 6.8.4v6.0.2.42+4 more2014-07-15
CVE-2014-3419 [HIGH] CWE-255 CVE-2014-3419: Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account,
Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.
nvd
CVE-2016-6484P4MEDIUMCVSS 6.1≤ 7.0.12017-01-23
CVE-2016-6484 [MEDIUM] CWE-93 CVE-2016-6484: CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attack
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
nvd
CVE-2018-6643P4MEDIUMCVSS 6.1v7.1.12018-08-28
CVE-2018-6643 [MEDIUM] CWE-79 CVE-2018-6643: Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.
nvd
CVE-2011-5178P4MEDIUMCVSS 4.3v6.0.2.42v6.1.2+2 more2012-09-20
CVE-2011-5178 [MEDIUM] CWE-79 CVE-2011-5178: Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox
Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.
nvd