MagicINFO Server: Path traversal and unrestricted file upload in Samsung MagicINFO 9 Server (CWE-22, CWE-434) (CVE-2024-7399) #shorts

Summary

In this episode we discuss CVE-2024-7399, a path traversal and unrestricted file upload vulnerability in Samsung MagicINFO 9 Server prior to version 21.1050 that lets an attacker write arbitrary files with the server's system authority. Published in August 2024, the flaw has since been weaponized by Mirai botnet operators to achieve remote code execution and deploy malicious payloads.

Product details

Samsung MagicINFO 9 Server is a content management system used for digital signage and display management. Versions earlier than 21.1050 are affected. Administrators deploy MagicINFO to schedule and distribute multimedia content across screens in retail, corporate, and public environments.

Vulnerability type summary

This issue combines two common weaknesses: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, aka path traversal) and CWE-434 (Unrestricted Upload of File with Dangerous Type). Traversal alone would let an attacker choose where a file lands; the missing type restriction lets them choose what it contains. Together they allow an attacker to write a file of their choosing, including a script, to a location outside the intended upload directory.

Details of the vulnerability

An attacker submits a file to the MagicINFO upload endpoint under a specially crafted name. Because the server does not normalise or validate that name before joining it to the upload directory, a traversal sequence such as '../' walks the resulting path out of the restricted directory (CWE-22). Because the upload is also not restricted by type, the content can be a script rather than signage media (CWE-434). The upload handler runs with system authority, so the written file inherits those privileges directly; no separate privilege-escalation step is needed. Exploited in the wild by Mirai malware, the flaw lets the attacker drop a Mirai bot downloader script onto the server and execute arbitrary code remotely.
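The following Python is an added illustration written for this page, not MagicINFO code. It places a naive upload handler that trusts the client-supplied filename beside a hardened version that decodes the name once, keeps only its final path component, allowlists the extension, and proves the canonical result still lies under the upload root. The upload root, the extension allowlist, and the sample filenames are assumptions for the example.

```python
"""Upload-path handling: the vulnerable pattern beside a hardened one.

Constructed illustration of CWE-22 + CWE-434 in an upload handler; it is not
MagicINFO code. UPLOAD_ROOT and ALLOWED_EXTENSIONS are assumed values.
"""
import posixpath
from urllib.parse import unquote

UPLOAD_ROOT = "/opt/magicinfo/uploads"                   # assumed location, illustration only
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".mp4"}   # assumed media allowlist


def unsafe_upload_path(root: str, client_filename: str) -> str:
    """Vulnerable pattern: the client-supplied name is joined to the root as-is.

    Nothing stops '../' from walking out of root, and nothing restricts the
    file type, so a script can land anywhere the server process may write.
    """
    return posixpath.normpath(posixpath.join(root, client_filename))


def safe_upload_path(root: str, client_filename: str) -> str:
    """Hardened pattern; raises ValueError on anything that is not a plain media name."""
    # Decode once so '..%2F' and friends are judged in their decoded form.
    name = unquote(client_filename)
    # Keep only the final component; treat backslashes as separators too.
    base = posixpath.basename(name.replace("\\", "/"))
    if base in ("", ".", "..") or "\x00" in base:
        raise ValueError("invalid filename")
    # CWE-434: only accept extensions the signage content actually needs.
    ext = posixpath.splitext(base)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"disallowed file type: {ext or '(none)'}")
    # CWE-22: canonicalise and prove the result is still inside root.
    # Redundant after basename(), kept as a second line of defence.
    root_real = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_real, base))
    if posixpath.commonpath([root_real, candidate]) != root_real:
        raise ValueError("path escapes upload root")
    return candidate


def validate_upload(root: str, client_filename: str) -> dict:
    """Wrapper returning a plain result record, convenient for tests and logging."""
    try:
        return {"accepted": True, "path": safe_upload_path(root, client_filename), "reason": ""}
    except ValueError as exc:
        return {"accepted": False, "path": "", "reason": str(exc)}


if __name__ == "__main__":
    for name in ("banner.png", "../../../tmp/wget.sh", "..%2F..%2Fevil.png", "shell.jsp"):
        print(f"{name!r:28} unsafe -> {unsafe_upload_path(UPLOAD_ROOT, name)}")
        print(f"{'':28} safe   -> {validate_upload(UPLOAD_ROOT, name)}")
```

The order of checks matters: decoding before stripping means an encoded separator cannot survive into the basename, and the extension allowlist runs on the decoded name so `shell.jsp%00.png`-style tricks are judged on what the filesystem would actually see.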

Conclusion

To mitigate CVE-2024-7399, Samsung released MagicINFO Server version 21.1050. Administrators should upgrade to 21.1050 or later immediately, review any web-facing upload endpoints, and segment the server so it is not directly reachable from untrusted networks. Regularly audit web server logs for upload requests carrying traversal sequences or script file names, and monitor hosts for signs of Mirai or other botnet activity.
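As an added example of the log audit recommended above (written for this page, not tooling from Samsung or the video), the Python below scans access-log lines for requests to an upload endpoint whose target, after repeated percent-decoding, contains a traversal sequence or names a script-type file. The `/upload` path, the `fileName` parameter, and every log line are constructed for illustration; the real endpoint path would be substituted from the deployment's own logs.

```python
"""Scan web access logs for traversal attempts and script uploads.

Constructed detection example, not MagicINFO code. The log lines, the
/upload endpoint and the fileName parameter are assumptions for illustration.
"""
import re
from urllib.parse import unquote

# Combined-log-format request line (constructed sample format).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TRAVERSAL = re.compile(r"\.\.(?:[\\/]|$)")                         # ../ or ..\ or trailing ..
EXEC_EXT = re.compile(r"\.(?:jsp|jspx|war|sh|bat|ps1|exe)(?:\W|$)", re.I)

# Constructed sample log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Aug/2024:10:01:02 +0000] "POST /upload?fileName=banner.png HTTP/1.1" 200 512',
    '198.51.100.23 - - [09/Aug/2024:10:02:14 +0000] "POST /upload?fileName=..%2F..%2F..%2Ftmp%2Fwget.sh HTTP/1.1" 200 77',
    '198.51.100.23 - - [09/Aug/2024:10:02:15 +0000] "GET /status HTTP/1.1" 200 98',
    '192.0.2.5 - - [09/Aug/2024:10:03:00 +0000] "POST /upload?fileName=%252e%252e%2Fevil.png HTTP/1.1" 200 40',
]


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double encoding (%252e) cannot hide '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_suspicious_uploads(lines, upload_prefix: str) -> list:
    """Return one record per request to the upload endpoint that carries
    a traversal sequence or a script-type file name."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        target = fully_decode(m["target"])
        if not target.startswith(upload_prefix):
            continue
        reasons = []
        if TRAVERSAL.search(target):
            reasons.append("traversal")
        if EXEC_EXT.search(target):
            reasons.append("executable-type")
        if reasons:
            hits.append({"ip": m["ip"], "time": m["ts"], "target": target,
                         "status": m["status"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_uploads(SAMPLE_LOG, "/upload"):
        print(hit)
```

A hit with a 200 status on an unpatched host is the signal to treat the server as compromised and look for the dropped file, since a traversal write that succeeded will usually be followed by a request that executes it.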

Watch the full video on YouTube: CVE-2024-7399

CVE database technical details

CVE ID: CVE-2024-7399
Description: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
Provider (CNA): samsung.tv_appliance
CWE / problem types: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-434 Unrestricted Upload of File with Dangerous Type
Affected software versions: Samsung Electronics MagicINFO 9 Server, all versions before 21.1050 (status: affected)
Date published: 2024-08-09T04:43:29.828Z
Last updated: 2025-05-08T03:56:06.233Z