Hackers are exploiting an informal remote code execution (RCE) vulnerability to deploy kidnapping equipment and malware in the Samsung Magicinfo 9 server.
The Samsung Magicinfo Server is a centralized material management system (CMS) used to manage and control the digital signage display made by Samsung. It is used by retail stores, airports, hospitals, corporate buildings and restaurants, where multimedia material is required to schedule, distribute, display and monitor.
The server component has a file upload functionality to update the performance material, but hackers are abusing it to upload malicious code.
Defended, tracked under Cve-2024-7399Earlier public was Revealed in August 2024 When it was fixed as part of the release of version 21.1050.
The seller allows the vulnerability to “Samsung Magicinfo 9 server (that) described as an inappropriate range of a patname for vulgarity (which) allows the attackers to write arbitrary file as a system authority.”
On 30 April 2025, SSD-Disclose published by security researchers Detailed writing With a proof-off-concept (POC) exploitation that receives RCE on the server without any authentication using JSP web shell.
The attacker uploads a malicious .JSP file through a malicious post request, exploiting the path traversal to place it in a web-accessible place.
By visiting the file uploaded with the CMD parameter, they can execute the arbitrary OS command and see the output in the browser.
Arctic Wolf Now reports that the CVE -2024-7399 defects have been actively exploited in attacks a few days after the release of POC, showing that the danger actors have adopted the method of attack in real operations.
“Given the low obstruction for exploitation and the availability of a public POC, the danger actors are likely to continue to target this vulnerability,” Arctic wolf warned,
Another active exploitation confirms comes from the danger analyst Johannes UlrichThose who took advantage of the CVE-2024-7399 to handle the device and told Mirai Botnet Malware Variant.
Given the state of active exploitation of the defect, it is recommended that the system administrator take immediate action to patches the CVE-2024-7399 by upgrading the Samsung Magicinfo server to 21.1050 or later to the version.
Based on the analysis of 14M malicious tasks, search for the top 10 MITERAT & CK techniques behind the 93% attacks and how to defend them against them.
