Samsung MagicINFO 9 Server Flaw Opens Path to Remote Code Execution

by Binay Konwar | May 9, 2025 | News



Security researchers have disclosed a serious flaw in Samsung MagicINFO 9 Server, the server component of the MagicINFO digital signage platform, and they say the current release is still affected. An unauthenticated attacker can use it to write files onto the server, plant a web shell, and run commands, which amounts to taking control of the system.

For those unfamiliar with it, MagicINFO 9 is Samsung's content management system (CMS) for digital signage: it handles user, content, and display management, and lets a business remotely manage an entire fleet of displays from a single console. Remote hardware control and real-time monitoring are among its headline features. That central, network-reachable role is also why a flaw in the server matters so much: whoever controls the server controls every screen it manages.

Samsung has not yet fixed the MagicINFO 9 Server vulnerability

On January 12, 2025, a researcher working with SSD Disclosure reported multiple security issues in MagicINFO 9 Server to Samsung. Chained together, they let an unauthenticated user upload a web shell and then execute code on the server with the privileges of the Apache Tomcat process that hosts the application, which is what turns a file-write bug into full remote code execution. The flaw is now under active exploitation.

Samsung marked the report as a duplicate of an issue it already knew about and did not ship a fix. Once the 90-day disclosure window had passed, SSD Disclosure published the details in a blog post on April 30, noting that the flaw was present in Samsung's latest MagicINFO 9 release, version 21.1050.0. In other words, even a fully updated server is still exposed.

Arctic Wolf's threat research team has since confirmed that the vulnerability is being exploited in the wild. The activity is tracked as CVE-2024-7399, whose description reads: "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority." Note the version bound: that CVE was meant to be fixed in 21.1050, yet 21.1050.0 is the very build the researchers found still vulnerable, which implies the earlier patch did not fully close the path traversal.
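As an added illustration that is not code from Samsung, SSD Disclosure, Arctic Wolf, or Huntress, the Python below shows the bug class the CVE description names (improper limitation of a pathname to a restricted directory, CWE-22) as it appears in a file-upload handler: a naive resolver that lets `..` segments walk out of the upload directory into the servlet container's web root, beside a hardened one. The directory layout, file names, and suffix allow-list are assumptions made for the example, not MagicINFO's real paths, and nothing here reproduces the actual exploit.

```python
"""Added example (not Samsung's, SSD Disclosure's or Huntress's code): CWE-22
path traversal in an upload handler, shown as a naive filename resolver
beside a hardened one.

The directory layout, endpoint and file names below are constructed for
illustration and are not MagicINFO's real paths."""
import posixpath
from pathlib import PurePosixPath

# Assumed layout: uploads belong under UPLOAD_ROOT; the servlet container's
# web root is a sibling directory. Writing a .jsp there is what turns an
# "arbitrary file write" into code execution under the Tomcat process.
UPLOAD_ROOT = PurePosixPath("/opt/signage/uploads")
ALLOWED_SUFFIXES = {".png", ".jpg", ".mp4"}


def naive_resolve(filename: str) -> PurePosixPath:
    """Vulnerable: joins the client-supplied name onto the upload root and
    lets the OS collapse '..' (posixpath.normpath models what open() does).
    An absolute name replaces the root entirely, which pathlib also allows."""
    joined = UPLOAD_ROOT / filename
    return PurePosixPath(posixpath.normpath(str(joined)))


def is_under(path: PurePosixPath, root: PurePosixPath) -> bool:
    """Containment test on path components, not string prefixes, so that
    '/opt/signage/uploads-old/x' is correctly NOT under '/opt/signage/uploads'."""
    return root in path.parents


def naive_escapes(filename: str) -> bool:
    """True when the vulnerable resolver would write outside UPLOAD_ROOT."""
    return not is_under(naive_resolve(filename), UPLOAD_ROOT)


def safe_resolve(filename: str) -> PurePosixPath:
    """Hardened: the name must be a single component with an allow-listed
    suffix, and the final path must still sit under UPLOAD_ROOT. Run this on
    the *decoded* parameter; checking before URL-decoding misses %2e%2e."""
    if not filename or "\x00" in filename:
        raise ValueError("empty or NUL-containing filename")
    # Reject both separators: the application may be deployed on Windows,
    # where '\\' is a separator even though posixpath treats it as a character.
    if "/" in filename or "\\" in filename:
        raise ValueError("path separators are not allowed in a filename")
    if filename in (".", ".."):
        raise ValueError("dot segments are not allowed")
    suffix = PurePosixPath(filename).suffix.lower()
    if suffix not in ALLOWED_SUFFIXES:
        raise ValueError(f"suffix {suffix!r} not permitted")
    target = PurePosixPath(posixpath.normpath(str(UPLOAD_ROOT / filename)))
    # Defence in depth: even if a check above is later loosened, never
    # return a path that left the upload directory.
    if not is_under(target, UPLOAD_ROOT):
        raise ValueError("resolved path escaped UPLOAD_ROOT")
    return target


def safe_rejects(filename: str) -> bool:
    """Convenience wrapper: True when safe_resolve refuses the name."""
    try:
        safe_resolve(filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker input: walk out of the upload directory into the
    # web root, where a .jsp is executed by the container.
    payload = "../tomcat/webapps/ROOT/cmd.jsp"
    print("naive :", naive_resolve(payload), "(escapes root)" if naive_escapes(payload) else "")
    for name in ("logo.png", payload, "cmd.jsp", "..\\logo.png", "/etc/cron.d/job"):
        try:
            print("safe  :", name, "->", safe_resolve(name))
        except ValueError as exc:
            print("safe  :", name, "-> rejected:", exc)
```

The naive resolver is the pattern behind "write arbitrary file": once the attacker chooses the destination, a `.jsp` dropped under the container's web root runs with the Tomcat service's privileges. The hardened version rejects separators and dot segments outright rather than trying to sanitise them, allow-lists the suffix, and re-checks containment on the normalised result. That final containment check is the one to keep even if the others are relaxed: filters that strip one spelling of `..` are exactly the kind a patch can get wrong, whereas proving the resolved path still sits inside the root does not depend on guessing every encoding.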

Huntress, a managed threat-hunting platform, has independently confirmed that the public proof-of-concept (PoC) works against version 21.1050.0 and has reported this to Samsung. Until Samsung ships a fix, researchers recommend that MagicINFO 9 Server not be reachable from the internet: restrict access to trusted management networks or a VPN. Given that exploitation is already underway, it is also worth reviewing any exposed server for recently written files it should not have, in particular unexpected .jsp files under the Tomcat web directories.


Written by

Binay Konwar

Binay Konwar started his blogging journey in 2014 and has since written plenty of tech articles. At present, he is working as a News Writer at SammyGuru, covering everything about Samsung. He holds a Master's degree in Mathematics, but his real passion lies in tech and writing. In his free time, he enjoys playing chess and watching movies.
