Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware.

Samsung MagicINFO Server is a centralized content management system (CMS) used to remotely manage and control digital signage displays made by Samsung. It is used by retail stores, airports, hospitals, corporate buildings, and restaurants, where there is a need to schedule, distribute, display, and monitor multimedia content.

The server component features a file upload functionality intended for updating display content, but hackers are abusing it to upload malicious code.

The flaw, tracked as CVE-2024-7399, was first publicly disclosed in August 2024 when it was fixed as part of the release of version 21.1050. The vendor described the vulnerability as an "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server [that] allows attackers to write arbitrary file as system authority."

On April 30, 2025, security researchers at SSD-Disclosure published a detailed write-up along with a proof-of-concept (PoC) exploit that achieves RCE on the server without any authentication using a JSP web shell. The attacker uploads a malicious .jsp file via an unauthenticated POST request, exploiting path traversal to place it in a web-accessible location.
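The bug class described above (a client-controlled filename joined onto an upload directory, so `../` segments walk the write out to the servlet webroot where a `.jsp` is executed rather than served) is modelled below as an added illustrative example. This is not Samsung's MagicINFO code and does not reproduce the SSD-Disclosure PoC; the directory layout, the allowed-extension list, and every function name here are assumptions made for the demonstration. It shows the flawed save routine beside a hardened one, plus a small filename check of the kind you would put in a WAF rule or upload-log detection.

```python
"""
Illustrative model of an upload path-traversal bug (added example, not
MagicINFO's own code). WEBROOT / UPLOAD_DIR / extension lists are assumptions.
"""
import os
import tempfile
from urllib.parse import unquote

# Hypothetical servlet webroot with an "upload" subdirectory inside it.
WEBROOT = tempfile.mkdtemp(prefix="webroot_")
UPLOAD_DIR = os.path.join(WEBROOT, "upload")
os.makedirs(UPLOAD_DIR, exist_ok=True)

ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".mp4"}      # content types signage needs
SERVER_SIDE_EXTENSIONS = {".jsp", ".jspx", ".war"}          # anything the container executes


def vulnerable_save(filename: str, data: bytes) -> str:
    """Flawed pattern: the request-supplied name is joined onto UPLOAD_DIR
    without validation, so '../shell.jsp' lands in WEBROOT itself."""
    dest = os.path.join(UPLOAD_DIR, filename)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:
        fh.write(data)
    return os.path.realpath(dest)


def hardened_save(filename: str, data: bytes) -> str:
    """Rejects directory components and executable extensions, then confirms
    the resolved path is still inside UPLOAD_DIR before writing."""
    name = filename.replace("\\", "/")
    if "/" in name or name in ("", ".", ".."):
        raise ValueError("filename must not contain path components")
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {ext!r}")
    root = os.path.realpath(UPLOAD_DIR)
    dest = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, dest]) != root:       # defence in depth
        raise ValueError("resolved path escapes upload directory")
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def escapes_upload_dir(path: str) -> bool:
    """True when a written file ended up outside UPLOAD_DIR (i.e. somewhere
    the web container may serve or execute it)."""
    root = os.path.realpath(UPLOAD_DIR)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def suspicious_upload_name(raw_name: str) -> bool:
    """Detection helper: peel nested percent-encoding, then flag '..' segments
    or server-side extensions in an upload filename or query parameter."""
    decoded = raw_name
    for _ in range(3):                      # %252e -> %2e -> .
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.replace("\\", "/")
    if any(seg == ".." for seg in decoded.split("/")):
        return True
    return os.path.splitext(decoded)[1].lower() in SERVER_SIDE_EXTENSIONS


if __name__ == "__main__":
    shell = b"<% out.println(\"constructed sample, not a real payload\"); %>"
    print("vulnerable wrote:", vulnerable_save("../shell.jsp", shell))
    try:
        hardened_save("../shell.jsp", shell)
    except ValueError as err:
        print("hardened rejected:", err)
    print("flagged:", suspicious_upload_name("..%2F..%2Fshell.jsp"))
```

The order of checks in `hardened_save` matters: the extension allow-list stops a web shell even when the name is a plain `shell.jsp`, the path-component check stops traversal, and the `realpath` comparison catches anything the first two missed (symlinks inside the upload directory, for example). `suspicious_upload_name` decodes repeatedly because single `unquote` calls miss double-encoded `%252e%252e`.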