Cybercriminals are now actively exploiting a critical remote code execution (RCE) flaw in Samsung’s MagicINFO 9 Server, a platform widely used for managing digital signage across industries like retail, healthcare, and transportation.
The flaw, identified as CVE-2024-7399, allows attackers to upload malicious files and execute system-level commands without authentication by abusing a path traversal weakness in the server's file upload function.
Although Samsung addressed the issue in version 21.1050 released in August 2024, the recent publication of a proof-of-concept by SSD-Disclosure has led to real-world attacks.
Security firm Arctic Wolf and analyst Johannes Ullrich both confirmed that threat actors, including Mirai botnet operators, are leveraging this vulnerability to hijack devices.
The ease of exploitation combined with the public exploit code increases the risk of widespread attacks. Administrators are strongly urged to patch their servers immediately, though confusion remains over whether the fix is fully available on Samsung’s official download site.
Read more...