Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. id: CVE-2024-7399 info: name: Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution author:...

Exploit for Path Traversal in Samsung Magicinfo_9_Server

Samsung MagicINFO 9 Server Exploit CVE-2025-4632 This repos...

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of...

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-7399link is external Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57726link is external SimpleHelp Missing Authorization Vulnerability...

Samsung MagicINFO 9 Server Path Traversal Vulnerability

Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority...

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO 9 Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the produ...

CVE-2026-25203

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1...

CVE-2026-25203

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1...

CVE-2026-25203

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1...

CVE-2026-25203

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1...

EUVD-2026-21252

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1...

CVE-2026-25203

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1...

CVE-2026-25203

Samsung MagicINFO 9 Server is affected by an Incorrect Default Permissions Local Privilege Escalation vulnerability in versions before 21.1091.1. The issue, with CVSSv3.1 metrics of AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and a base score of 7.8 (HIGH), indicates that an attacker with local access an...

PT-2026-31844

Name of the Vulnerable Software and Affected Versions Samsung MagicINFO 9 Server versions prior to 21.1091.1 Description A local privilege escalation issue exists in Samsung MagicINFO 9 Server versions prior to 21.1091.1 due to incorrect default permissions. Recommendations Update Samsung MagicIN...

SAMSUNG MagicINFO 9 Server 安全漏洞

SAMSUNG MagicINFO 9 Server is an enterprise-level digital signage content management and device monitoring platform developed by South Korean company Samsung. Versions of SAMSUNG MagicINFO 9 Server prior to 21.1091.1 contained security vulnerabilities. These vulnerabilities were caused by imprope...

CVE-2026-25201

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVE-2026-25202

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVE-2026-25201

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVE-2026-25201

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVE-2026-25200

A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1...