Samsung MagicINFO 9 Server Unrestricted File Upload Vulnerability Allowing Code Injection

Vulnerability

A vulnerability in Samsung Electronics MagicINFO 9 Server, prior to version 21.1080.0, allows for unrestricted file uploads of dangerous types, leading to code injection. This issue arises from inadequate validation of uploaded files, enabling the execution of malicious code on the server.

Impact

Exploitation of this vulnerability could result in unauthorized code execution on the server where MagicINFO 9 Server is installed.

Remediation

Users can check for the latest firmware updates on the Samsung website. If the default update settings are enabled, the latest version will have been automatically installed. Delivery times for security patches may vary by region and model.

Added: Jul 23, 2025, 6:39 AM
Updated: Jul 23, 2025, 6:39 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.