

Ethical Hacking News

Samsung MagicINFO Flaw: A High-Severity Vulnerability Exploited Just Days After Proof-of-Concept Publication



A vulnerability in Samsung MagicINFO has been exploited by threat actors just days after a proof-of-concept (PoC) exploit was published. The high-severity flaw (CVE-2024-7399) allows arbitrary file writes and may lead to remote code execution, highlighting the need for organizations to prioritize their security posture and apply any available patches or updates.



  • Samsung MagicINFO 9 Server versions before 21.1050 are being exploited by threat actors through CVE-2024-7399.
  • The vulnerability allows for arbitrary file writing and may lead to remote code execution when used with specially crafted JavaServer Pages (JSP) files.
  • The vulnerability has a CVSS score of 8.8, indicating it's a high-severity issue that can have significant consequences if exploited.
  • Threat actors began exploiting the vulnerability just days after a proof-of-concept (PoC) was published on April 30, 2025.
  • Samsung released a patch in August 2024, but some users may not have applied it in time, allowing attackers to exploit the vulnerability.
  • Organizations using digital signage displays must prioritize their security posture and ensure timely software/hardware updates to prevent exploitation.
  • Continuous monitoring and detection capabilities are crucial for identifying and responding to emerging threats like this one.



    Samsung MagicINFO, a content management system (CMS) used to manage and remotely control digital signage displays, has been exploited by threat actors just days after a proof-of-concept (PoC) exploit was published. This vulnerability, tracked as CVE-2024-7399 (CVSS score: 8.8), is an improper limitation of a pathname to a restricted directory (path traversal) in Samsung MagicINFO 9 Server versions before 21.1050.


    According to Arctic Wolf researchers, the vulnerability allows for arbitrary file writing by unauthenticated users, and may ultimately lead to remote code execution when the vulnerability is used to write specially crafted JavaServer Pages (JSP) files. The CVSS score of 8.8 indicates that this is a high-severity vulnerability that can have significant consequences if exploited.


    The vulnerability in Samsung MagicINFO 9 Server versions before 21.1050 was first disclosed in August 2024, and at the time there were no signs of it being exploited. However, just days after a proof-of-concept (PoC) was published on April 30, 2025, threat actors began taking advantage of it. Given how easy it is to exploit, and the public availability of the PoC, experts believe that the attacks are likely to continue.


    Samsung addressed the vulnerability with the release of MagicINFO 9 Server version 21.1050 in August 2024, but it seems that not all users were able to take advantage of this patch in a timely manner. As a result, threat actors have already begun exploiting this vulnerability, which has serious implications for digital signage displays and the organizations that rely on them.


    The fact that the PoC exploit was published just days before threat actors began exploiting it highlights the rapid pace at which vulnerabilities are discovered and published, as well as the speed with which attackers can take advantage of these vulnerabilities. This is a stark reminder to all organizations using digital signage displays to prioritize their security posture and ensure that any new software or hardware updates are applied in a timely manner.


    In addition to the Samsung MagicINFO vulnerability, this incident also highlights the importance of continuous monitoring and detection capabilities for identifying and responding to emerging threats. Organizations must have robust security measures in place to detect and respond to threats like this one, and must be prepared to quickly take action to mitigate any potential damage.


    The use of proof-of-concept exploits can often serve as a catalyst for real-world attacks, and it is clear that Samsung MagicINFO has been targeted by threat actors. This vulnerability highlights the need for organizations to prioritize their security posture and ensure that all software and hardware updates are applied in a timely manner.


    In light of this incident, we urge all organizations using digital signage displays to take immediate action to address this vulnerability. This includes applying any available patches or updates, as well as conducting thorough risk assessments to identify any potential vulnerabilities.


    Furthermore, we recommend that organizations use threat intelligence and detection capabilities to monitor for signs of malicious activity related to this vulnerability. Early detection and response can help mitigate the impact of a successful attack.
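One way to act on the monitoring advice above, given that the flaw is used to write JSP files onto the server: compare the JSP files under the web application directory against a manifest taken from a known-good install. This is an added example, not code from the article, Samsung, or Arctic Wolf; the manifest approach, the directory layout, and the file names are constructed for illustration, and the real web root of an installation has to be supplied by the operator.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

JSP_SUFFIXES = {".jsp", ".jspx"}
# PoC publication date from the article; later writes get triage priority.
POC_PUBLISHED = datetime(2025, 4, 30, tzinfo=timezone.utc).timestamp()

def build_manifest(web_root: Path) -> dict:
    """Map relative path -> SHA-256 for every JSP under web_root."""
    return {p.relative_to(web_root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(web_root.rglob("*"))
            if p.is_file() and p.suffix.lower() in JSP_SUFFIXES}

def sweep(web_root: Path, manifest: dict) -> list:
    """Return (relative path, reason, written_after_poc) for suspicious JSPs."""
    findings = []
    for rel, digest in build_manifest(web_root).items():
        if rel not in manifest:
            reason = "unexpected"   # JSP the known-good install never contained
        elif manifest[rel] != digest:
            reason = "modified"     # shipped JSP whose content has changed
        else:
            continue
        # mtime can be reset by whoever wrote the file: use it to order triage only.
        recent = (web_root / rel).stat().st_mtime >= POC_PUBLISHED
        findings.append((rel, reason, recent))
    return findings

def demo() -> list:
    """Constructed tree: two shipped JSPs, then one altered and one dropped in."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "admin").mkdir()
        (root / "index.jsp").write_text("<%-- shipped page --%>")
        (root / "admin" / "login.jsp").write_text("<%-- shipped login --%>")
        manifest = build_manifest(root)  # baseline taken from the clean state
        (root / "admin" / "login.jsp").write_text("<%-- altered --%>")
        (root / "upload").mkdir()
        (root / "upload" / "x1.JSP").write_text("<%-- constructed placeholder --%>")
        for rel, days in (("admin/login.jsp", -1), ("upload/x1.JSP", 1)):
            t = POC_PUBLISHED + days * 86400  # pin mtimes for a repeatable demo
            os.utime(root / rel, (t, t))
        return sweep(root, manifest)

if __name__ == "__main__":
    for rel, reason, recent in demo():
        print(f"{reason:10} after_poc={recent} {rel}")
```

The manifest must come from a clean install of the same version, since a baseline captured after compromise would record the attacker's file as expected.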


    In conclusion, the Samsung MagicINFO flaw is a high-severity vulnerability that has been exploited by threat actors just days after a proof-of-concept for it was published. This incident highlights the importance of continuous monitoring and detection capabilities, as well as prioritizing security posture to prevent exploitation of new vulnerabilities.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Samsung-MagicINFO-Flaw-A-High-Severity-Vulnerability-Exploited-Just-Days-After-Proof-of-Concept-Publication-ehn.shtml

  • https://securityaffairs.com/177529/hacking/samsung-magicinfo-vulnerability-exploited-after-poc-publication.html

  • https://www.securityweek.com/samsung-magicinfo-vulnerability-exploited-days-after-poc-publication/

  • https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html

  • https://nvd.nist.gov/vuln/detail/CVE-2024-7399

  • https://www.cvedetails.com/cve/CVE-2024-7399/


  • Published: Tue May 6 14:33:54 2025 by llama3.2 3B Q4_K_M












