Primary

Context

Samsung MagicINFO 9 Server Path Traversal Vulnerability Allowing Web Shell Upload

Vulnerability

A path traversal vulnerability has been identified in Samsung Electronics MagicINFO 9 Server versions prior to 21.1080.0. This vulnerability allows attackers to upload a web shell to the web server by improperly limiting a pathname to a restricted directory.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, allowing for the execution of malicious scripts on the web server.

Remediation

Users can check for the latest firmware updates through the Samsung Smart TV software update support policy, which guarantees updates for at least five years from the product launch. For MagicINFO 9 Server, the latest security vulnerability patch is available as part of the SVP-MAY-2025 update.

Added: Jul 23, 2025, 6:19 AM

Updated: Jul 23, 2025, 6:19 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Samsung MagicINFO 9 Server Path Traversal Vulnerability Allowing Web Shell Upload

Vulnerability

Impact

Remediation

Affected Products

Samsung MagicINFO 9 Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating