Primary

Context

Samsung MagicINFO 9 Server Unrestricted File Upload Vulnerability Allowing Code Injection

Vulnerability

A vulnerability in Samsung Electronics MagicINFO 9 Server, versions prior to 21.1080.0, allows for unrestricted file uploads of dangerous types, leading to code injection. This issue arises from inadequate restrictions on file upload functionalities, enabling the injection of malicious code into the server.

Impact

Exploitation of this vulnerability could result in unauthorized code execution on the server.

Remediation

Users can check for the latest firmware updates on the Samsung website. If the default update settings are enabled, the latest firmware will have been automatically installed. For specific update information, consult the Samsung Security Vulnerability Patch (SVP) schedule.

Added: Jul 23, 2025, 6:35 AM

Updated: Jul 23, 2025, 6:35 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

10.0

exploitability

7.4

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

10.0

exploitability

7.4

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Samsung MagicINFO 9 Server Unrestricted File Upload Vulnerability Allowing Code Injection

Vulnerability

Impact

Remediation

Affected Products

Samsung MagicINFO 9 Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating