Samsung Electronics Magicinfo 9 Server vulnerabilities
24 known vulnerabilities affecting samsung_electronics/magicinfo_9_server.
Total CVEs
24
CISA KEV
2
actively exploited
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL20HIGH4
Vulnerabilities
Page 1 of 2
CVE-2024-7399P1CRITICALCVSS 9.8KEVPoCfixed in 21.10502024-08-12
CVE-2024-7399 [CRITICAL] CWE-22 CVE-2024-7399: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Ser
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
nvd
CVE-2025-4632P1CRITICALCVSS 9.8KEVPoCfixed in 21.10522025-05-13
CVE-2025-4632 [CRITICAL] CWE-22 CVE-2025-4632: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Ser
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
nvd
CVE-2025-54455P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54455 [CRITICAL] CWE-798 CVE-2025-54455: Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authent
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54454P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54454 [CRITICAL] CWE-798 CVE-2025-54454: Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authent
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54441P2HIGHCVSS 8.8v21.1080.02025-07-23
CVE-2025-54441 [HIGH] CWE-434 CVE-2025-54441: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54439P2HIGHCVSS 8.8v21.1080.02025-07-23
CVE-2025-54439 [HIGH] CWE-434 CVE-2025-54439: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54446P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54446 [CRITICAL] CWE-22 CVE-2025-54446: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0
nvd
CVE-2025-54438P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54438 [CRITICAL] CWE-22 CVE-2025-54438: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0
nvd
CVE-2025-54443P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54443 [CRITICAL] CWE-22 CVE-2025-54443: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0
nvd
CVE-2025-54445P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54445 [CRITICAL] CWE-611 CVE-2025-54445: Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO
Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54449P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54449 [CRITICAL] CWE-434 CVE-2025-54449: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54448P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54448 [CRITICAL] CWE-434 CVE-2025-54448: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54444P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54444 [CRITICAL] CWE-434 CVE-2025-54444: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54440P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54440 [CRITICAL] CWE-434 CVE-2025-54440: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54442P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54442 [CRITICAL] CWE-434 CVE-2025-54442: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54447P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54447 [CRITICAL] CWE-434 CVE-2025-54447: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54452P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54452 [CRITICAL] CWE-287 CVE-2025-54452: Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authenticatio
Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54453P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54453 [CRITICAL] CWE-22 CVE-2025-54453: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2025-54450P2CRITICALCVSS 9.8v21.1080.02025-07-23
CVE-2025-54450 [CRITICAL] CWE-22 CVE-2025-54450: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
nvd
CVE-2026-25200P2CRITICALCVSS 9.8v21.1090.12026-02-02
CVE-2026-25200 [CRITICAL] CWE-434 CVE-2026-25200: A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentica
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover
This issue affects MagicINFO 9 Server: less than 21.1090.1.
nvd
1 / 2Next →