Primary

Context

Samsung MagicINFO 9 Server Code Injection Vulnerability

Vulnerability

A code injection vulnerability has been identified in Samsung Electronics MagicINFO 9 Server versions prior to 21.1080.0. This vulnerability allows for improper control over code generation, enabling attackers to inject and execute arbitrary code on the server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected server.

Remediation

Users can check for the latest firmware updates through the Samsung Smart TV software update support policy, which guarantees updates for at least five years from the product launch. For MagicINFO 9 Server, security patches are being released as part of the Security Vulnerability Patch (SVP) program. The latest firmware can be downloaded from the Samsung website.

Added: Jul 23, 2025, 6:31 AM

Updated: Jul 23, 2025, 6:31 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Samsung MagicINFO 9 Server Code Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Samsung MagicINFO 9 Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating