CVE-2024-7399

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.samsungtv.com/securityUpdates	Vendor Advisory
https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-exploitation-of-path-traversal-vulnerability-in-samsung-magicinfo-9-server-cve-2024-7399/	Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7399	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:magicinfo_9_server:*:*:*:*:*:*:*:*

History

24 Apr 2026, 20:23

Type	Values Removed	Values Added
References	~~() https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-exploitation-of-path-traversal-vulnerability-in-samsung-magicinfo-9-server-cve-2024-7399/ -~~	() https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-exploitation-of-path-traversal-vulnerability-in-samsung-magicinfo-9-server-cve-2024-7399/ - Third Party Advisory
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7399 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7399 - US Government Resource

24 Apr 2026, 20:16

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7399 -

24 Apr 2026, 18:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 8.8
References		() https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-exploitation-of-path-traversal-vulnerability-in-samsung-magicinfo-9-server-cve-2024-7399/ -

13 Aug 2024, 15:30

Type	Values Removed	Values Added
CPE		cpe:2.3:a:samsung:magicinfo_9_server::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 7.5
Summary		(es) La limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido en la versión Samsung MagicINFO 9 Server anterior a la 21.1050 permite a los atacantes escribir archivos arbitrarios como autoridad del sistema.
First Time		Samsung magicinfo 9 Server Samsung
References	~~() https://security.samsungtv.com/securityUpdates -~~	() https://security.samsungtv.com/securityUpdates - Vendor Advisory

12 Aug 2024, 13:41

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2026-04-24 20:23

NVD link : CVE-2024-7399

Mitre link : CVE-2024-7399

CVE.ORG link : CVE-2024-7399

JSON object : View

Products Affected

samsung

magicinfo_9_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-434

Unrestricted Upload of File with Dangerous Type

8.8 /10