CVE-2026-25202

{"id": "CVE-2026-25202", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "PSIRT@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-02-02T05:16:07.280", "references": [{"url": "https://security.samsungtv.com/securityUpdates", "tags": ["Vendor Advisory"], "source": "PSIRT@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "PSIRT@samsung.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1."}, {"lang": "es", "value": "La cuenta y la contrase\u00f1a de la base de datos est\u00e1n codificadas de forma r\u00edgida, permitiendo el inicio de sesi\u00f3n con la cuenta para manipular la base de datos en el servidor MagicInfo9. Este problema afecta a MagicINFO 9 Server: versiones inferiores a 21.1090.1."}], "lastModified": "2026-03-10T18:44:22.143", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:magicinfo_9_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72138C44-D3F0-4373-967F-831861E19195", "versionEndExcluding": "21.1090.1"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT@samsung.com"}