Samsung MagicINFO 9 Server Path Traversal Vulnerability
Details
CVSS v3: 8.8
NVD published: 2024-08-12 13:38:41
CISA date: 2026-04-24
EPSS: 81.3% probability · 99.2th percentile (2026-05-12)
Affected versions: Samsung MagicINFO 9 Server versions before the vendor's security update
Summary
This high-severity path traversal flaw impacts Samsung MagicINFO 9 Server, a common digital signage content management platform. Attackers can exploit the vulnerability to write arbitrary files with system-level privileges on the affected server. This can lead to full remote code execution and complete system compromise. Public exploit code is available for this issue.
Remediation
Apply the official security patch released by Samsung for MagicINFO 9 Server as soon as possible. Limit external network access to MagicINFO instances to only trusted business IP ranges. Follow CISA KEV guidance to prioritize remediation of this known exploited flaw.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.