Ethical Hacking News
Security experts warn that hackers are exploiting a critical unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. To protect themselves, system administrators must take immediate action to patch this vulnerability and upgrade their server to version 21.1050 or later.
The Samsung MagicINFO 9 Server is vulnerable to an unauthenticated remote code execution (RCE) vulnerability. Hackers are abusing the file upload functionality to upload malicious code and deploy malware. The CVE-2024-7399 flaw was first publicly disclosed in August 2024 and has been actively exploited by threat actors since then. The attack method involves exploiting path traversal to execute arbitrary OS commands and see the output in the browser. System administrators are strongly advised to upgrade their Samsung MagicINFO Server to version 21.1050 or later as soon as possible.
The recent revelation that hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware is a stark reminder of the ever-evolving nature of cybersecurity threats. The Samsung MagicINFO Server, a centralized content management system used to remotely manage and control digital signage displays made by Samsung, has been found vulnerable to this critical RCE flaw.
The Samsung MagicINFO Server features a file upload functionality intended for updating display content, but hackers are abusing it to upload malicious code. This vulnerability, tracked under CVE-2024-7399, was first publicly disclosed in August 2024 when it was fixed as part of the release of version 21.1050. However, the vendor's prompt action did not prevent threat actors from adopting this attack method and exploiting it in real-world operations.
According to security researchers at SSD-Disclosure, who published a detailed write-up along with a proof-of-concept (PoC) exploit that achieves RCE on the server without any authentication using a JSP web shell, attackers can upload malicious code via an unauthenticated POST request. By exploiting path traversal to place the malicious file in a web-accessible location, threat actors can execute arbitrary OS commands and see the output in the browser.
Arctic Wolf, a cybersecurity firm, has confirmed that the CVE-2024-7399 flaw is actively exploited in attacks just days after the PoC's release. This confirms that threat actors have adopted the disclosed attack method in real-world operations, highlighting the urgent need for system administrators to take immediate action to patch this vulnerability.
The fact that a Mirai botnet malware variant has been seen leveraging CVE-2024-7399 to take over devices further underscores the severity of this issue. The active exploitation status of the flaw means that no organization using Samsung MagicINFO 9 Server can afford to wait and see how this vulnerability will play out in the coming weeks.
In light of this critical security alert, system administrators are strongly advised to upgrade their Samsung MagicINFO Server to version 21.1050 or later as soon as possible. This simple yet effective step can prevent threat actors from exploiting this RCE flaw and deploying malware on vulnerable devices.
Moreover, this incident serves as a stark reminder that no organization is immune to cybersecurity threats. The recent surge in attacks using Mirai botnet malware variants has highlighted the need for all organizations to take proactive measures to protect themselves against these types of threats.
The security landscape continues to evolve at an unprecedented rate, and it is essential for system administrators to stay vigilant and adapt quickly to new security vulnerabilities. By taking immediate action to patch this vulnerability and staying informed about emerging security threats, organizations can minimize their risk exposure and ensure the continued integrity of their digital infrastructure.
Related Information:
https://www.ethicalhackingnews.com/articles/Samsung-MagicINFO-9-Server-RCE-Flaw-A-Wake-Up-Call-for-System-Administrators-ehn.shtml
https://www.bleepingcomputer.com/news/security/samsung-magicinfo-9-server-rce-flaw-now-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2024-7399
https://www.cvedetails.com/cve/CVE-2024-7399/
Published: Tue May 6 12:32:17 2025 by llama3.2 3B Q4_K_M
