CVE-2024-7399

Published Aug 12, 2024

Last updated 14 days ago

Exploit known
CVSS high 8.8
Samsung MagicINFO 9 Server
MagicINFO Server

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-7399 is a path traversal vulnerability affecting Samsung MagicINFO 9 Server versions 21.1050 and earlier. This flaw stems from improper input verification, allowing unauthenticated attackers to upload arbitrary files, such as JavaServer Pages (JSP) files, to the server. By exploiting this, threat actors can execute arbitrary code with system authority on vulnerable servers. Although Samsung released a patch for this vulnerability in August 2024, active exploitation in the wild was observed starting in April 2025, shortly after a proof-of-concept (PoC) exploit was made public. Attackers have been leveraging CVE-2024-7399 to infect compromised MagicINFO servers with Mirai botnet malware.

Description: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary files as system authority.
Source: PSIRT@samsung.com
NVD status: Analyzed
Products: magicinfo_9_server

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
Exploit added on: Apr 24, 2026
Exploit action due: May 8, 2026
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

PSIRT@samsung.com: CWE-22
nvd@nist.gov: CWE-22

Social media

Hype score: Not currently trending
  1. Lazarus Group did not need credentials. CVE-2024-7399: unauthenticated path traversal in Samsung MagicINFO 9. Control of all corporate signage. T1190 → T1021. ZDU-034 → https://t.co/fEjx12WJ9Z #ZDU034 #LazarusGroup #CVE20247399 #ZeroDayUnit #Ciberseguridad

    @zero_day_unit

    7 May 2026

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Samsung MagicINFO 9 Server has a known path traversal vulnerability (CVE-2024-7399) with mitigations required by May 2026. Review vendor guidance and apply patches promptly, or consider discontinuing use if no fix is available. #Cybersecurity

    @ADKCyber

    6 May 2026

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Samsung MagicINFO 9 Server has a known path traversal vulnerability (CVE-2024-7399). Businesses using this should follow vendor guidance for mitigations or consider discontinuing use if no fixes are available. Stay updated to manage risks. #Cybersecurity

    @ADKCyber

    2 May 2026

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Samsung MagicINFO 9 Server has a known path traversal vulnerability (CVE-2024-7399). Businesses using this should follow vendor guidance for mitigations or consider discontinuing use if no fixes are available. Stay updated to manage risks. #Cybersecurity

    @ADKCyber

    1 May 2026

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Samsung MagicINFO 9 Server has a known path traversal vulnerability (CVE-2024-7399). Businesses using this should follow vendor guidance for mitigations or consider discontinuing use if no fixes are available. Stay updated to manage risks. #Cybersecurity

    @ADKCyber

    30 Apr 2026

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. If you use Samsung MagicINFO 9 Server, note there's a known vulnerability (CVE-2024-7399) with a mitigation deadline of May 2026. Review vendor updates and consider risk management steps to protect your network. #CyberSecurity

    @ADKCyber

    29 Apr 2026

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-7399. CVE-2024-7399: Samsung MagicINFO Path Traversal to SYSTEM-Level RCE

    @lyrie_ai

    29 Apr 2026

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. US CISA has added a vulnerability with confirmed exploitation to its #KEV catalog. (Added 4/24) 🛡️No.1581 CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability ✅Overview ・Severity: Critical 9.8 (CVSS Base) / NVD ・Type: Path traver

    @piyokango

    27 Apr 2026

    4126 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  9. CISA adds four known exploited vulnerabilities to its catalog CISA Adds Four Known Exploited Vulnerabilities to Catalog #CISA (Apr 24) CVE-2024-7399 Samsung MagicINFO 9 Server path traversal vulnerability CVE-2024-57726 SimpleHelp missing authentication func

    @foxbook

    27 Apr 2026

    203 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🔴 Samsung MagicINFO CVE-2024-7399 is actively exploited and now in KEV. 🔴 SimpleHelp CVE-2024-57726/57728 are also in KEV, raising MSP foothold risk. https://t.co/pBWq66uIkZ

    @solomonneas

    26 Apr 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Top 5 Trending CVEs: 1 - CVE-2014-6271 2 - CVE-2026-35535 3 - CVE-2024-7399 4 - CVE-2025-29635 5 - CVE-2026-0628 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    26 Apr 2026

    223 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CISA added 4 CVEs to KEV: Samsung MagicINFO (CVE-2024-7399), two SimpleHelp RMM bugs (CVE-2024-57726/57728), D-Link DIR-823X (CVE-2025-29635). RMM remains a top ransomware on-ramp - patch yours hard. https://t.co/HLdbWLw0wQ #infosec #CISA #KEV #ransomware

    @CyberDaily_News

    26 Apr 2026

    163 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CISA added CVE-2024-7399 to KEV: a path traversal in Samsung MagicINFO 9 Server that lets an unauth attacker write arbitrary files as SYSTEM. If you run digital signage on Samsung displays, patch or pull it offline. https://t.co/LIrnXze45G

    @TechTranslators

    25 Apr 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CISA adds four known exploited vulnerabilities to its catalog https://t.co/sXZPpnkL5q CVE-2024-7399  Samsung MagicINFO 9 Server path traversal vulnerability CVE-2024-57726  SimpleHelp missing authentication function vulnerability CVE-2024-57728  SimpleHe

    @cybersecnews_jp

    25 Apr 2026

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Top 5 Trending CVEs: 1 - CVE-2024-7399 2 - CVE-2023-50224 3 - CVE-2025-48700 4 - CVE-2025-20333 5 - CVE-2026-5281 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    25 Apr 2026

    226 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  16. 🚨 BREAKING: #BreakingNews CISA adds 4 exploited flaws to KEV catalog: CVE-2024-7399 (Samsung MagicINFO 9 Server), CVE-2024-57726 & CVE-2024-57728 (SimpleHelp), CVE-2025-29635 (D-Link DIR-823X routers). Sets May 2026 federal deadline. #US #Cybersecurity #CISA #KEV https://t

    @Archange_Shadow

    25 Apr 2026

    162 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

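  17. [Mostly peaceful] The US Cybersecurity and Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog. CVE-2024-7399 in Samsung MagicINFO 9 Server, CVE-2024-57726 and CVE-2024-57728 in SimpleHelp, and D-Link DIR-823X's C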

    @__kokumoto

    24 Apr 2026

    950 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  18. 🛡️ Path Traversal Vulnerability in Samsung MagicINFO 9 Server (CVE-2024-7399) Technical analysis of CVE-2024-7399 in Samsung MagicINFO 9 Server: a path traversal flaw that allows arbitrary file writes. Impact, mitigati https://t.co/5NmaxMJi9s #ciberpl

    @CiberPlanetaOrg

    24 Apr 2026

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🛡️ Security Alert: Path Traversal Vulnerability in Samsung MagicINFO 9 Server (CVE-2024-7399) The CVE-2024-7399 vulnerability in Samsung MagicINFO 9 Server allows path traversal (CWE-22, CWE-434) to write arbitrary files with system privileges, with CV

    @CiberPlanetaOrg

    24 Apr 2026

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. ‼️ Four vulnerabilities have been added to the CISA KEV Catalog CVE-2025-29635 - D-Link DIR-823X Command Injection Vulnerability CVE-2024-7399 - Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57728 - SimpleHelp Path Traversal Vulnerability CVE-2024-57726

    @DarkWebInformer

    24 Apr 2026

    3949 Impressions

    6 Retweets

    20 Likes

    7 Bookmarks

    1 Reply

    0 Quotes

  21. ‼️🇩🇪 A threat actor claims to have breached Aigner Immobilien, a leading real estate brokerage company based in Munich, Germany with over 30 years of experience. The attacker details the intrusion method: initial access via CVE-2024-7399 into a Windows 11 environment,

    @DarkWebInformer

    22 Mar 2026

    28552 Impressions

    16 Retweets

    226 Likes

    87 Bookmarks

    1 Reply

    1 Quote

  22. GitHub - davidxbors/CVE-2024-7399-POC - https://t.co/rLmz0wDnXa

    @piedpiper1616

    31 May 2025

    560 Impressions

    0 Retweets

    4 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  23. CVE-2024-7399 RCE as system analysis + poc: https://t.co/2BrH4DE9Oj

    @visitorish

    30 May 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. https://t.co/8i8D0swAZP Samsung server software attacked by exploit A vulnerability was discovered in Samsung MagicINFO 9 in August 2024. After a research report was published in April, an exploit for the CVE-2024-7399 vulnerability emerged and was immediately exploited. Rece

    @B2bCyber

    14 May 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Improperly patched Samsung MagicINFO vulnerability exploited by botnet CVE-2024-7399 https://t.co/unrX0j5Id3 #Security #セキュリティ #ニュース

    @SecureShield_

    9 May 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Cybersecurity alert: The Samsung MagicINFO CVE-2024-7399 vulnerability remains actively exploited despite August patches. Attackers upload malicious JSP files & execute remote code on affected servers, risking major breaches. 🚨 #Security #Samsung https://t.co/1u9bFPlyo5

    @TweetThreatNews

    8 May 2025

    64 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🚨 Cyber Alert! Threat actors are exploiting a high-severity flaw (CVE-2024-7399) in Samsung MagicINFO just days after its PoC exploit went live. Stay informed and protect your systems! 🔒 Read more: https://t.co/tSx3zusFRr... https://t.co/QEHMdTo6CQ

    @do360now

    7 May 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2024-7399 : Samsung MagicINFO 9 Server RCE flaw now exploited in attacks Samsung MagicINFO Server is a centralized content management system (CMS) used to remotely manage and control digital signage displays made by Samsung. https://t.co/JSnqVC5gmR

    @freedomhack101

    7 May 2025

    21 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 Samsung MagicINFO RCE flaw now exploited in live attacks Hackers are abusing a critical zero-auth bug (CVE-2024-7399) to drop malware and Mirai payloads on digital signage servers. Patch now or risk takeover. https://t.co/rlaZX7HFTk #CVE20247399 #MagicINFO #samsung https:

    @dCypherIO

    7 May 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. ⚠️Hackers exploit vulnerabilities in Samsung MagicINFO and GeoVision IoT to deploy the Mirai botnet (CVE-2024-6047, CVE-2024-7399, and others) 🐼Panda Shop: large-scale smishing by a Chinese carding group ~Cyber Alert, May 7~ ht

    @MachinaRecord

    7 May 2025

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Samsung MagicINFO 9 Server RCE vulnerability now being exploited in attacks (CVE-2024-7399) https://t.co/wFsIHz60QF #Security #セキュリティ #ニュース

    @SecureShield_

    7 May 2025

    46 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. A remote code execution vulnerability (CVE-2024-7399) in Samsung's MagicINFO 9 Server allows hackers to hijack devices and deploy malware through file uploads. Disclosed in August 2024, it was patched in version 21.1050. Upgrading is essential to prevent exploitation. #Security h

    @Strivehawk

    6 May 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🧠 Mirai Botnet Targets Samsung Digital Displays via MagicINFO Flaw Hackers are exploiting CVE-2024-7399 to hijack signage systems with Mirai malware. No login needed—just patch ASAP. https://t.co/YdPMRtrzXz #CyberSecurity #MiraiBotnet https://t.co/8pdFGkGNeg

    @dCypherIO

    6 May 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

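  34. According to cybersecurity firm Arctic Wolf, a critical vulnerability (CVE-2024-7399) in Samsung's content management system "MagicINFO" began to be exploited within days of PoC code being published at the end of April 2025.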

    @yousukezan

    6 May 2025

    1338 Impressions

    2 Retweets

    9 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  35. CVE-2024-7399 A critical zero-day in Samsung MagicINFO is actively exploited for unauthenticated remote code execution. Public-facing displays at risk. Patch now to secure systems. #CyberSecurity #CVE20247399 #MagicINFO #PatchNow https://t.co/DDkLvjAeWg

    @CloneSystemsInc

    6 May 2025

    46 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Exploited: Vulnerability in software for managing #Samsung digital #displays (#CVE-2024-7399) https://t.co/daPkHe9lbI

    @ScyScan

    6 May 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨 Threat Alert: "Mirai" Exploits Samsung MagicINFO CMS (CVE-2024-7399) 📅 Date: 2024-08 📆 Timeline: Observations of exploitation activity since August 2024 patch release 📌 Attribution: Mirai botnet operators (also known as Mirai) 📝 Summary: The Mirai botnet is

    @syedaquib77

    6 May 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨 Critical alert: CVE-2024-7399 actively exploited in Samsung MagicINFO servers (<21.1050). Unauthenticated RCE risks full compromise of digital signage networks. Patch now! Have you secured your systems? Learn more: https://t.co/CvMV8N2JWt #CyberSecurity #InfoSec https:/

    @zerodailyme

    6 May 2025

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. "Mirai" Now Exploits Samsung MagicINFO CMS (CVE-2024-7399), (Mon, May 5th) https://t.co/9yuvsGzkWE #SANS #Cybersecurity https://t.co/63aPWZBlSA

    @PoseidonTPA

    5 May 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Arctic Wolf Observes Exploitation of Path Traversal Vulnerability in Samsung MagicINFO 9 Server (CVE-2024-7399) https://t.co/qO56tRhBza

    @Dinosn

    5 May 2025

    1365 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. ⚠️ Critical RCE Vulnerability in Samsung MagicINFO 9 Server https://t.co/1FsV9ZpHxb A severe security flaw, identified as CVE-2024-7399, has been discovered in Samsung's MagicINFO 9 Server versions prior to 21.1050. This vulnerability allows unauthenticated remote att

    @Huntio

    5 May 2025

    178 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations