Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-7399Path Traversal in Electronics Magicinfo 9 Server

CWE-22Path TraversalCWE-434Unrestricted File Upload10 documents9 sources
Severity
7.5HIGHNVD
CNA8.8VulnCheck8.8
EPSS
71.0%
top 1.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Samsung Electronics Magicinfo 9 ServerSamsung Magicinfo 9 Server
Timeline
PublishedAug 12
Latest updateMay 7

Description

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
GHSA-9x68-238r-w7mq: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 212024-08-12
CVEList
CVE-2024-7399: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 212024-08-09
VulnCheck
Samsung magicinfo_9_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')2024

💥Exploits & PoCs

2
Nuclei
Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution
Metasploit
Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Samsung MagicINFO SWUpdateFileUploader fileName parameter Directory Traversal Attempt (CVE-2024-7399)2025-05-06

🕵️Threat Intelligence

3
Huntress
Rapid Response: Samsung MagicINFO 9 Server Flaw2025-05-07
Bleepingcomputer
Samsung MagicINFO 9 Server RCE flaw now exploited in attacks2025-05-06
Huntress
Rapid Response: Samsung MagicINFO 9 Server Flaw | Huntress
CVE-2024-7399 — Path Traversal | cvebase