Samsung MagicINFO 9 Server RCE flaw now exploited in attacks

Published on: 2025-07-23 20:10:23

Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware.

Samsung MagicINFO Server is a centralized content management system (CMS) used to remotely manage and control digital signage displays made by Samsung. It is used by retail stores, airports, hospitals, corporate buildings, and restaurants, where there's a need to schedule, distribute, display, and monitor multimedia content.

The server component features file upload functionality intended for updating display content, but hackers are abusing it to upload malicious code.

The flaw, tracked under CVE-2024-7399, was first publicly disclosed in August 2024 when it was fixed as part of the release of version 21.1050. The vendor described the vulnerability as an "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server [that] allows attackers to write arbitrary file as system authority."