Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User

A critical security vulnerability has been discovered in Samsung’s MagicINFO digital signage management platform that could allow attackers to execute arbitrary code with system-level privileges without requiring authentication. Security researchers have identified a path traversal vulnerability that enables attackers to write arbitrary files to the system. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The vulnerability, tracked as CVE-2024-7399, affects Samsung MagicINFO 9 Server versions prior to 21.1050 and has received a CVSS score of 9.8, indicating maximum severity. Samsung MagicINFO is widely used for digital signage management across various industries, making this vulnerability particularly concerning for organizations that rely on this platform for their display systems. When combined, these vulnerabilities allow attackers to upload malicious JSP files and execute arbitrary server-side code with system privileges. This implementation enables attackers to upload web shells or other malicious code that can be executed with server privileges, potentially leading to complete system compromise. Samsung has acknowledged the vulnerability and released a patch in version 21.1050 of the MagicINFO 9 Server.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 10:15:06 +0000

Cyber News related to Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User

Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User - A critical security vulnerability has been discovered in Samsung’s MagicINFO digital signage management platform that could allow attackers to execute arbitrary code with system-level privileges without requiring authentication. Security ...
1 week ago Cybersecuritynews.com CVE-2024-7399

Samsung MagicINFO 9 Server RCE flaw now exploited in attacks - Given the active exploitation status of the flaw, it is recommended that system administrators take immediate action to patch CVE-2024-7399 by upgrading the Samsung MagicINFO Server to version 21.1050 or later. Hackers are exploiting an ...
6 days ago Bleepingcomputer.com CVE-2024-7399

Samsung MagicINFO 9 Server Vulnerability Exploited in the Wild - However, the situation changed dramatically when a research article with technical details and a proof-of-concept exploit was published on April 30, 2025 and within days, Arctic Wolf began observing active exploitation attempts in the wild. As threat ...
6 days ago Cybersecuritynews.com CVE-2024-7399

Samsung hit by new data breach impacting UK store customers - Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online ...
1 year ago Bleepingcomputer.com LAPSUS$

CVE-2023-38297 - An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of ...
1 year ago

Epic Sues Google, Samsung Over App Store Barriers | Silicon UK - In its new case Epic claims that a month before the Epic Games Store launch in August, Samsung decided to enable Auto Blocker by default, making it more difficult for buyers of new phones to install competing app stores. Epic Games has filed a second ...
7 months ago Silicon.co.uk

Samsung Galaxy Store Flaws Put Millions of Devices Vulnerable - Researchers have discovered severe security flaws in the Samsung Galaxy Store application. These vulnerabilities put millions of users, including those who use Samsung phones, tablets, smart TVs, and wearables, at risk of cyberattacks. The security ...
2 years ago Securityaffairs.com

Samsung Galaxy Store App Found Vulnerable to Hackers - Security researchers have found that the Samsung Galaxy Store app is vulnerable to hackers, putting millions of users at risk of data theft and cyber attacks. According to researchers from the Security Research Center at Michigan University, the app ...
2 years ago Thehackernews.com

How Russian Hackers Attack Samsung Devices – A Comprehensive Guide - Samsung devices have become all the rage around the globe. Unfortunately, their popularity also attracts the attention of hackers and other cybercriminals who take advantage of them to spread their malicious codes and conduct their illegal ...
2 years ago Heimdalsecurity.com

Samsung One UI Security Flaw Exposes Users Data in Plain Text With No Expiration! - Security researchers have identified that Samsung devices running Android 9 or later store all clipboard content—including passwords, banking details, and personal messages in plain text indefinitely with no automatic deletion mechanism. Even when ...
2 weeks ago Cybersecuritynews.com

Protecting Your Device from Unwanted App Installations: An Overview of Samsung Galaxy Store Flaws - As more and more devices become connected to the internet, it's important to be aware of the security measures we should take to protect our data and digital identities. Smartphones and other mobile devices can be particularly vulnerable targets, due ...
2 years ago Securityweek.com

The Exploration of Static vs Dynamic Code Analysis - Two essential methodologies employed for this purpose are Static Code Analysis and Dynamic Code Analysis. Static Code Analysis involves the examination of source code without its execution. In this exploration of Static vs Dynamic Code Analysis, ...
1 year ago Feeds.dzone.com

CVE-2021-41129 - Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not ...
1 year ago

Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com

Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com

KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques - Apple has further reinforced KASLR on macOS for Apple Silicon by implementing “double map” kernel isolation, which separates user-space and kernel-space address layouts. The findings, presented at the 2024 ACM SIGSAC Conference on ...
2 months ago Cybersecuritynews.com

Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto - The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits targeting consumer products between October 24 and October 27. During the Pwn2Own Toronto 2023 hacking event organized by ...
1 year ago Bleepingcomputer.com

Samsung Galaxy App Store Vulnerabilities: Exploits Released and What These Mean For Users - Exploits have recently been released for two Samsung Galaxy App Store vulnerabilities, representing a major security risk for users of the smartphone. The first vulnerability is in the Galaxy App Store where malicious app developers can bypass ...
2 years ago Bleepingcomputer.com

CVE-2019-16400 - Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: ...
4 years ago

CVE-2019-16401 - Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: ...
4 years ago

Samsung Galaxy gets new Auto Blocker anti-malware feature - Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices. Auto Blocker is an opt-in security feature that prevents the side-loading of risky apps ...
1 year ago Bleepingcomputer.com Rocke

Samsung 'Sees Fourth-Quarter Chip Rebound' - Analysts expect Samsung to show lowest profit drop in six quarters in latest sign of semiconductor market recovery. Samsung Electronics is expected to report a smaller drop in profits than has become usual over the past year and a half, in the latest ...
1 year ago Silicon.co.uk

CVE-2024-7399 - Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. ...
9 months ago CVE-2024-7399

Cisco Secure Access Extends SSE With Mobile Zero Trust - Earlier this year, we introduced Cisco Secure Access, a security service edge solution that combines a secure web gateway, cloud access security broker, firewall-as-a-service, zero trust access and more, to help organizations address this challenge ...
1 year ago Feedpress.me

CVE-2022-49882 - In the Linux kernel, the following vulnerability has been resolved: ...
1 week ago

Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User

Cyber News related to Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)