Back to KEVs

CVE-2024-7399

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to...

Basic Information

CVE State: PUBLISHED
Reserved Date: August 02, 2024
Published Date: August 09, 2024
Last Updated: May 08, 2025
Vendor: Samsung Electronics
Product: MagicINFO 9 Server
Description: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
Tags

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score: 60.46% (Percentile: 98.15%) as of 2025-06-04

SSVC Information

Exploitation: poc
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-05-06 10:46:19 UTC) Source
Used in Malware: Yes (added 2025-05-05 00:00:00 UTC) Source

References

https://security.samsungtv.com/securityUpdates

Known Exploited Vulnerability Information

Source	Added Date
CyberInsider	2025-05-06 10:45:19 UTC

Recent Mentions

Follow-Up: Samsung MagicINFO 9 Remains Vulnerable to CVE-2024-7399 Amid Lack of Complete Patch

Source: Arctic Wolf • Published: 2025-05-08 07:20:55 UTC

Update – Recent reports confirm that the previously recommended fixed version (21.1050) of Samsung MagicINFO 9 Server remains vulnerable to CVE-2024-7399, a high-severity path traversal flaw. There is currently no official patch available, and the only mitigation is to ensure MagicINFO Server is not internet-facing. At the start of May 2025, Arctic Wolf observed in-the-wild ... Follow-Up: Samsung MagicINFO 9 Remains Vulnerable to CVE-2024-7399 Amid Lack of Complete Patch

Samsung MagicINFO Flaw Now Actively Exploited by Mirai Botnet

Source: CyberInsider • Published: 2025-05-06 10:43:16 UTC

Security researchers have confirmed active exploitation of a critical vulnerability in Samsung’s MagicINFO 9 Server (CVE-2024-7399), with recent attacks linking the flaw to Mirai botnet deployment. The vulnerability enables unauthenticated attackers to upload arbitrary files and achieve remote code execution, posing a serious risk to digital signage systems managed by the software. Arctic Wolf was … The post Samsung MagicINFO Flaw Now Actively Exploited by Mirai Botnet appeared first on CyberInsider.

Arctic Wolf Observes Exploitation of Path Traversal Vulnerability in Samsung MagicINFO 9 Server (CVE-2024-7399)

Source: Arctic Wolf • Published: 2025-05-05 17:41:55 UTC

As of early May 2025, Arctic Wolf has observed exploitation in the wild of CVE-2024-7399 in Samsung MagicINFO 9 Server—a content management system (CMS) used to manage and remotely control digital signage displays. The vulnerability allows for arbitrary file writing by unauthenticated users, and may ultimately lead to remote code execution when the vulnerability is ... Arctic Wolf Observes Exploitation of Path Traversal Vulnerability in Samsung MagicINFO 9 Server (CVE-2024-7399)

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/magicinfo_traversal.rb	2025-06-09 13:48:40 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7399.yaml	2025-05-31 07:30:21 UTC

Timeline

CVE ID Reserved

August 02, 2024
CVE Published to Public

August 09, 2024
Exploit Used in Malware

May 05, 2025
Added to KEVIntel

May 06, 2025
Detected by Nuclei

May 31, 2025
Detected by Metasploit

June 09, 2025