Arbitrary File Write Vulnerability in Samsung MagicINFO 9 Server
CVE-2024-7399

8.8 HIGH

Key Information:

Vendor
CVE Published: 12 August 2024

Badges

📈 Trended | 📈 Score: 2,030 | 💰 Ransomware | 👾 Exploit Exists | 🟣 EPSS 60% | 📰 News Worthy

What is CVE-2024-7399?

CVE-2024-7399 is a critical vulnerability in Samsung MagicINFO 9 Server, a digital signage management platform used to control and distribute multimedia content on Samsung's commercial displays. The software is widely used across sectors including transportation networks, retail environments, corporate offices, and healthcare facilities. The vulnerability stems from improper validation of pathname input: filename inputs are not adequately sanitized, so unauthorized users can write arbitrary files to the system with elevated privileges. An attacker can use this to upload malicious scripts that the server then executes with system authority. Exploitation could lead to severe operational disruption, data breaches, and unauthorized access to sensitive information, significantly impacting organizational integrity and security.

Potential impact of CVE-2024-7399

  1. Remote Code Execution: The vulnerability allows unauthenticated attackers to leverage a path traversal flaw to execute arbitrary code. This can be used to deploy malicious scripts or web shells, leading to unauthorized administrative access and loss of system integrity.

  2. Data Breaches: By exploiting this vulnerability, attackers could gain unauthorized access to sensitive data managed through the MagicINFO platform. This risk is particularly acute as these displays often handle critical information in public and corporate environments, increasing the potential for significant data loss or disclosure.

  3. Botnet Recruitment and DDoS Attacks: The presence of compromised MagicINFO servers has been linked to the Mirai botnet, a collection of hijacked devices used for launching Distributed Denial of Service (DDoS) attacks. This association highlights how exploitation of the vulnerability can contribute to broader cyber threats, using vulnerable systems as part of coordinated attacks against other targets.

Affected Version(s)

MagicINFO 9 Server (Windows): versions earlier than 21.1050

News Articles

Metasploit Wrap-Up | Rapid7 Blog

Last updated at Thu, 22 May 2025 18:14:26 GMT This week's wrap-up includes many new modules, but notably, we've upgraded Metasploit loading. Thanks to bcoles, the bootup performance when searching for a...

2 weeks ago

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers - Help Net Security

Companies using Samsung MagicINFO 9 should upgrade to the latest available version to fix a vulnerability exploited by attackers in the wild.

3 weeks ago

Confusion Reigns as Threat Actors Exploit Samsung MagicInfo Flaw

Researchers spot in-the-wild exploits of Samsung MagicInfo despite recent patch

4 weeks ago

EPSS Score

60% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📰 First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anonymous working with Trend Micro Zero Day Initiative.