Samsung MagicINFO 9 Server Unrestricted File Upload Vulnerability Allowing Code Injection

Vulnerability

A vulnerability in Samsung Electronics MagicINFO 9 Server, in versions prior to 21.1080.0, allows unrestricted upload of files of dangerous types, leading to code injection. The issue arises from inadequate restrictions on the file upload capability, which enable malicious code to be injected into the server.

Impact

Exploitation of this vulnerability could result in unauthorized code execution on the server.

Remediation

Users can check for the latest firmware updates through the Samsung Smart TV update settings. For Samsung Visual Displays, security patches are being released. If the default update settings are enabled, the latest firmware will have been automatically installed. Otherwise, new firmware versions can be downloaded from the Samsung website.

Added: Jul 23, 2025, 6:52 AM
Updated: Jul 23, 2025, 6:52 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.