CVERadar

CVE-2024-7399

High Severity
SVRS: 68/100
CVSSv3: 7.5/10
EPSS: 0.00228/1

CVE-2024-7399: A path traversal vulnerability exists in Samsung MagicINFO 9 Server before version 21.1050. This flaw enables attackers to write arbitrary files with system-level privileges due to improper restriction of pathnames. While the CVSS score is 7.5, the SOCRadar Vulnerability Risk Score (SVRS) is 68, suggesting a notable risk level. Attackers could exploit this vulnerability to overwrite critical system files, leading to system compromise or denial of service. Although the SVRS does not indicate "immediate action" level urgency, remediation should be prioritized. The fact that this vulnerability is tagged as "In The Wild" further underscores the importance of applying necessary patches or mitigations immediately to prevent potential exploitation. Ignoring this vulnerability exposes MagicINFO 9 Server installations to serious security risks.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2025-05-08

2024-08-09
SOCRadar
AI Insight

Description

CVE-2024-7399 describes an improper limitation of a pathname to a restricted directory vulnerability (CWE-22) in Samsung MagicINFO 9 Server versions prior to 21.1050. This flaw allows attackers to write arbitrary files with system authority. The SVRS score of 68 indicates a moderate risk level, suggesting a need for prompt, but not necessarily immediate, remediation. However, the tag "In The Wild" indicates the vulnerability is actively exploited by hackers, increasing its risk.

Key Insights

  • Arbitrary File Write: The core issue is that attackers can write arbitrary files, potentially leading to system compromise by overwriting critical system files or injecting malicious code.
  • System Authority: Exploitation occurs with system authority, granting attackers significant control over the affected server. This elevates the severity as they can perform a wider range of malicious activities.
  • Samsung MagicINFO 9 Impact: Specifically affecting Samsung MagicINFO 9 Server, organizations using this software are at risk. Given its purpose (digital signage), impacted systems could include public-facing displays, which, if compromised, can lead to reputation damage in addition to direct data loss.
  • Actively Exploited: The "In The Wild" tag confirms that this vulnerability is being actively exploited by hackers, necessitating heightened urgency in patching and monitoring.

Mitigation Strategies

  • Immediate Patching/Updating: Upgrade Samsung MagicINFO 9 Server to version 21.1050 or a later version where the vulnerability is resolved. This is the most effective mitigation.
  • Input Validation: Implement or enhance input validation mechanisms on the server to prevent malicious path manipulation attempts. Specifically, validate and sanitize all file paths provided by users or external sources.
  • Access Control Review: Review and restrict access permissions for the directories where files are written. Implement the principle of least privilege, ensuring only necessary users and processes have write access.
  • Web Application Firewall (WAF) Rules: Deploy or update WAF rules to detect and block attempts to exploit this vulnerability by filtering out suspicious requests containing malicious file paths.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Samsung MagicINFO flaw exploited days after PoC exploit publication
Pierluigi Paganini, 2025-05-06, securityaffairs.co
Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published. Arctic Wolf researchers observed threat actors beginning to exploit a high-severity vulnerability, tracked as CVE-2024-7399 (CVSS score: 8.8), in the Samsung MagicINFO content management system (CMS) just days after proof-of-concept (PoC) exploit code was publicly released. The vulnerability […]

Daily Summary (Tageszusammenfassung) - 06.05.2025
CERT.at, 2025-05-06, cert.at
End-of-Day report Timeframe: Monday 05-05-2025 18:00 - Tuesday 06-05-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a News Man pleads guilty to using malicious AI software to hack Disney employee Fake image-generating app allowed man to download 1.1TB of Disney-owned data. https://arstechnica.com/ai/2025/05/man-pleads-guilty-to-using-malicious-ai-software-to-hack-disney-employee/ Luna Moth extortion hackers pose as IT help

Samsung MagicINFO 9 Server Vulnerability Exploited in the Wild - CybersecurityNews
2025-05-06, google.com
News Content: A critical security vulnerability in Samsung’s digital signage management platform has moved from theoretical risk to active threat as attackers begin exploiting it in real-world attacks. CVE-2024-7399, a high-severity vulnerability affecting Samsung MagicINFO 9 Server, is now being actively exploited by threat actors. The vulnerability, which carries a CVSS score of 9.8 (indicating maximum severity), enables unauthenticated attackers to upload malicious files to vulnerable servers and potentially gain complete system control. Security experts warn that organizations using the affected software should implement patches

SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost;
Dr. Johannes B. Ullrich, 2025-05-06, sans.edu
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost; Mirai Now Exploits Samsung MagicINFO CMS CVE-2024-7399 The Mirai botnet added a new vulnerability to its arsenal. This vulnerability, a file upload and remote code execution vulnerability in Samsung's MagicInfo 9 CMS, was patched last August but attracted new attention last week after being mostly ignored

Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)
Zeljka Zorz, 2025-05-06, helpnetsecurity.com
An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being leveraged by attackers. Exploit attempts have been flagged by the SANS Internet Storm Center and Arctic Wolf researchers: the attackers are using the vulnerability to upload and execute a script that contains a downloader for a Mirai bot. About CVE-2024-7399 Samsung MagicINFO is a digital signage management platform that is used to create, schedule, …

"Mirai" Now Exploits Samsung MaginINFO CMS (CVE-2024-7399), (Mon, May 5th)
2025-05-05, sans.edu
Last August, Samsung patched an arbitrary file upload vulnerability that could lead to remote code execution [1]. The announcement was very sparse and did not even include affected systems:

Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User
Kaaviya, 2025-04-30, cybersecuritynews.com
A critical security vulnerability has been discovered in Samsung’s MagicINFO digital signage management platform that could allow attackers to execute arbitrary code with system-level privileges without requiring authentication. The vulnerability, tracked as CVE-2024-7399, affects Samsung MagicINFO 9 Server versions prior to 21.1050 and has received a CVSS score of 9.8, indicating maximum severity. Security researchers […] The post Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User

Social Media

  • 🚨 Urgent: Samsung MagicINFO 9 Server flaw (CVE-2024-7399) is being actively exploited by Mirai botnets for unauthenticated RCE. Patch now or isolate systems—PoC code is public. Details: https://t.co/l5K8Tt4uIM
  • 🚨 Cyber Alert! Threat actors are exploiting a high-severity flaw (CVE-2024-7399) in Samsung MagicINFO just days after its PoC exploit went live. Stay informed and protect your systems! 🔒 Read more: https://t.co/tSx3zusFRr... https://t.co/QEHMdTo6CQ
  • Your digital signs could be SILENTLY SPREADING MALWARE. Hackers ck Samg MagicINFO servers via a ZERO-CLICK flaw (CVE-2024-7399) to deploy botnets. Patch NOW or become collateral damage. Details: https://t.co/A2VrLk7PVl #PatchNow #ThreatIntelligence #RCE #MIRAI #InfoSec #PoC https://t.co/vxkaEfJDtY
  • 🚨 Samsung MagicINFO RCE flaw now exploited in live attacks Hackers are abusing a critical zero-auth bug (CVE-2024-7399) to drop malware and Mirai payloads on digital signage servers. Patch now or risk takeover. https://t.co/rlaZX7HFTk #CVE20247399 #MagicINFO #samsung https://t.co/4aGp6ZB9kN
  • Mirai Botnet Exploits Samsung MagicINFO Vulnerability (CVE-2024-7399) A significant security vulnerability (CVE-2024-7399) has been identified in Samsung's MagicINFO 9, an earlier version of their CMS that fell prey to a file upload flaw leading to remote code execution. Mirai,
  • Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324 #SecurityAffairs (May 6) Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)
  • 19 new OPEN, 27 new PRO (19 + 8) BlackByte Ransomware, Win32/XWorm, Win32/Lumma Stealer, Samsung (CVE-2024-7399), DigiEver (CVE-2023-52163), GeoVision Command Injection Attempt, LandUpdate808, TA569 Thanks @msftsecurity https://t.co/UD1xMkkiJN
  • ⚠️ Vulnerability Update: Samsung MagicINFO Server Remote Code Execution Vulnerability 🔎 CVE: CVE-2024-7399 📅 Timeline: No significant changes detected; initial disclosure in August 2024, patch the following day, with active exploitation observed by early May 2025 following
  • A remote code execution vulnerability (CVE-2024-7399) in Samsung's MagicINFO 9 Server allows hackers to hijack devices and deploy malware through file uploads. Disclosed in August 2024, it was patched in version 21.1050. Upgrading is essential to prevent exploitation. #Security https://t.co/bwBIXujL8y
  • Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399) - Help Net Security - https://t.co/Vraz6M3axN

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://security.samsungtv.com/securityUpdates

CWE Details

  • CWE-434, Unrestricted Upload of File with Dangerous Type: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
  • CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'): The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
