Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. Samsung MagicINFO Server is a centralized content management system (CMS) used to remotely manage and control digital signage displays made by Samsung. It is used by retail stores, airports, hospitals, corporate buildings, and restaurants, where there’s a need to schedule, distribute, display, and monitor multimedia content. The server component features a file upload functionality intended for updating display content, but hackers are abusing it to upload malicious code. The flaw, tracked under\u00a0CVE-2024-7399, was first publicly\u00a0disclosed in August 2024\u00a0when it was fixed as part of the release of version\u00a021.1050. The vendor described the vulnerability as an “Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server [that] allows attackers to write arbitrary file as system authority.”\u00a0 On April 30, 2025, security researchers at SSD-Disclosure published a\u00a0detailed write-up\u00a0along with a proof-of-concept (PoC) exploit that achieves RCE on the server without any authentication using a JSP web shell. The attacker uploads a malicious .jsp file via an unauthenticated POST request, exploiting path traversal to place it in a web-accessible location.<\/p>\n\n\n\n
<\/p>\n\n\n\n
Contact us : 0915579536\u202c<\/a><\/p>\n\n\n\n Or on the website digitalonion.ly<\/a><\/p>\n\n\n\n