[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-7399":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-25T12:20:59.409Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":51,"aliases":75,"duplicate_of":9,"upstream":76,"downstream":77,"duplicates":78,"related":79,"reserved_at":9,"published_at":80,"modified_at":81,"state":82,"summary":83,"references_raw":91,"kevs":109,"epss":120,"epss_history":122,"metrics":357,"affected":368},"CVE-2024-7399","Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.",null,[11,40],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],{"_key":41,"id":41,"name":42,"description":43,"type":15,"status":44,"abstraction":17,"likelihood_of_exploit":45,"capec":46},"CWE-434","Unrestricted Upload of File with Dangerous Type","The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.","Draft","Medium",[47],{"id":48,"name":49,"techniques":50},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[],[52],{"_key":53,"name":54,"source":55,"url":56,"maturity":57,"reliability_score":58,"verified":59,"type":60,"platforms":61,"requires_auth":62,"exploitdb":9,"metasploit":63},"MSF_EXPLOIT_WINDOWS_HTTP_MAGICINFO_TRAVERSAL","Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/windows/http/magicinfo_traversal.rb","weaponized",1,true,"remote",[],false,{"fullname":64,"rank":65,"rank_name":66,"post_auth":62,"check":59,"notes":67},"exploit/windows/http/magicinfo_traversal",600,"excellent",{"Stability":68,"SideEffects":70,"Reliability":73},[69],"crash-safe",[71,72],"ioc-in-logs","artifacts-on-disk",[74],"repeatable-session",[],[],[],[],[],"2024-08-09T04:43:29.828Z","2026-04-25T03:55:30.861Z","Analyzed",{"cisa_kev":59,"cisa_ransomware":62,"cisa_vendor":84,"epss_severity":85,"epss_score":86,"severity":85,"severity_score":87,"severity_version":88,"severity_source":89,"severity_vector":90,"severity_status":82},"Samsung","critical",0.70996,9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[92,98,103],{"url":93,"sources":94,"tags":96},"https://security.samsungtv.com/securityUpdates",[95,89],"cve.org",[97],"Vendor Advisory",{"url":99,"sources":100,"tags":101},"https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-exploitation-of-path-traversal-vulnerability-in-samsung-magicinfo-9-server-cve-2024-7399/",[95,89],[102],"Third Party Advisory",{"url":104,"sources":105,"tags":106},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7399",[95,89],[107,108],"Government Resource","US Government Resource",[110],{"source":111,"vendor":84,"product":112,"date_added":113,"vulnerability_name":114,"short_description":115,"required_action":116,"due_date":117,"known_ransomware_campaign_use":118,"notes":119,"exploitation_type":9},"cisa","MagicINFO 9 Server","2026-04-24","Samsung MagicINFO 9 Server Path Traversal Vulnerability","Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-05-08","Unknown","https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399",{"date":113,"score":86,"percentile":121},0.98713,[123,127,130,134,137,139,141,144,147,149,152,154,156,158,160,163,166,169,172,175,178,180,182,184,186,188,191,193,197,200,203,205,207,210,212,215,217,220,223,226,229,231,233,236,239,241,243,245,247,250,252,254,257,260,263,266,269,271,273,277,279,281,284,286,289,292,294,297,300,302,304,307,309,312,315,318,321,324,326,328,331,334,337,339,342,345,347,350,352,354],{"date":124,"score":125,"percentile":126},"2025-11-04",0.67522,0.98493,{"date":128,"score":125,"percentile":129},"2025-11-05",0.98492,{"date":131,"score":132,"percentile":133},"2025-11-06",0.64543,0.9836,{"date":135,"score":132,"percentile":136},"2025-11-07",0.98359,{"date":138,"score":132,"percentile":136},"2025-11-08",{"date":140,"score":132,"percentile":136},"2025-11-09",{"date":142,"score":132,"percentile":143},"2025-11-10",0.98358,{"date":145,"score":132,"percentile":146},"2025-11-11",0.98357,{"date":148,"score":132,"percentile":133},"2025-11-12",{"date":150,"score":132,"percentile":151},"2025-11-13",0.98361,{"date":153,"score":132,"percentile":151},"2025-11-14",{"date":155,"score":132,"percentile":136},"2025-11-15",{"date":157,"score":132,"percentile":136},"2025-11-16",{"date":159,"score":132,"percentile":136},"2025-11-17",{"date":161,"score":162,"percentile":151},"2025-11-18",0.6279,{"date":164,"score":162,"percentile":165},"2025-11-19",0.98362,{"date":167,"score":162,"percentile":168},"2025-11-20",0.98364,{"date":170,"score":132,"percentile":171},"2025-11-21",0.98355,{"date":173,"score":132,"percentile":174},"2025-11-22",0.98354,{"date":176,"score":132,"percentile":177},"2025-11-23",0.98353,{"date":179,"score":132,"percentile":177},"2025-11-24",{"date":181,"score":132,"percentile":171},"2025-11-25",{"date":183,"score":132,"percentile":171},"2025-11-26",{"date":185,"score":132,"percentile":171},"2025-11-27",{"date":187,"score":132,"percentile":174},"2025-11-28",{"date":189,"score":132,"percentile":190},"2025-11-29",0.98356,{"date":192,"score":132,"percentile":174},"2025-11-30",{"date":194,"score":195,"percentile":196},"2025-12-01",0.57322,0.98043,{"date":198,"score":195,"percentile":199},"2025-12-02",0.98045,{"date":201,"score":195,"percentile":202},"2025-12-03",0.98044,{"date":204,"score":132,"percentile":171},"2025-12-04",{"date":206,"score":132,"percentile":171},"2025-12-05",{"date":208,"score":125,"percentile":209},"2025-12-06",0.98494,{"date":211,"score":125,"percentile":209},"2025-12-07",{"date":213,"score":125,"percentile":214},"2025-12-08",0.98495,{"date":216,"score":125,"percentile":214},"2025-12-09",{"date":218,"score":125,"percentile":219},"2025-12-10",0.98497,{"date":221,"score":125,"percentile":222},"2025-12-11",0.98498,{"date":224,"score":125,"percentile":225},"2025-12-12",0.985,{"date":227,"score":125,"percentile":228},"2025-12-13",0.98499,{"date":230,"score":125,"percentile":228},"2025-12-14",{"date":232,"score":125,"percentile":228},"2025-12-15",{"date":234,"score":125,"percentile":235},"2025-12-16",0.98501,{"date":237,"score":125,"percentile":238},"2025-12-17",0.98502,{"date":240,"score":125,"percentile":238},"2025-12-18",{"date":242,"score":125,"percentile":238},"2025-12-19",{"date":244,"score":125,"percentile":238},"2025-12-20",{"date":246,"score":125,"percentile":238},"2025-12-21",{"date":248,"score":125,"percentile":249},"2025-12-22",0.98503,{"date":251,"score":125,"percentile":249},"2025-12-23",{"date":253,"score":125,"percentile":249},"2025-12-24",{"date":255,"score":125,"percentile":256},"2025-12-25",0.98505,{"date":258,"score":125,"percentile":259},"2025-12-26",0.98504,{"date":261,"score":125,"percentile":262},"2025-12-27",0.98522,{"date":264,"score":125,"percentile":265},"2025-12-28",0.98506,{"date":267,"score":125,"percentile":268},"2025-12-29",0.98507,{"date":270,"score":125,"percentile":265},"2025-12-30",{"date":272,"score":125,"percentile":268},"2025-12-31",{"date":274,"score":275,"percentile":276},"2026-01-01",0.60716,0.98228,{"date":278,"score":275,"percentile":276},"2026-01-02",{"date":280,"score":275,"percentile":276},"2026-01-03",{"date":282,"score":125,"percentile":283},"2026-01-04",0.98509,{"date":285,"score":125,"percentile":283},"2026-01-05",{"date":287,"score":125,"percentile":288},"2026-01-06",0.9851,{"date":290,"score":125,"percentile":291},"2026-01-07",0.98511,{"date":293,"score":125,"percentile":291},"2026-01-08",{"date":295,"score":125,"percentile":296},"2026-01-09",0.98513,{"date":298,"score":125,"percentile":299},"2026-01-10",0.98514,{"date":301,"score":125,"percentile":299},"2026-01-11",{"date":303,"score":125,"percentile":296},"2026-01-12",{"date":305,"score":125,"percentile":306},"2026-01-13",0.98512,{"date":308,"score":125,"percentile":299},"2026-01-14",{"date":310,"score":125,"percentile":311},"2026-01-15",0.98515,{"date":313,"score":125,"percentile":314},"2026-01-16",0.98516,{"date":316,"score":125,"percentile":317},"2026-01-17",0.98517,{"date":319,"score":125,"percentile":320},"2026-01-18",0.98518,{"date":322,"score":125,"percentile":323},"2026-01-19",0.9852,{"date":325,"score":125,"percentile":323},"2026-01-20",{"date":327,"score":125,"percentile":323},"2026-01-21",{"date":329,"score":125,"percentile":330},"2026-01-22",0.98521,{"date":332,"score":125,"percentile":333},"2026-01-23",0.98523,{"date":335,"score":125,"percentile":336},"2026-01-24",0.98524,{"date":338,"score":125,"percentile":336},"2026-01-25",{"date":340,"score":125,"percentile":341},"2026-01-26",0.98525,{"date":343,"score":125,"percentile":344},"2026-01-27",0.98526,{"date":346,"score":125,"percentile":344},"2026-01-28",{"date":348,"score":125,"percentile":349},"2026-01-29",0.98527,{"date":351,"score":125,"percentile":349},"2026-01-30",{"date":353,"score":125,"percentile":349},"2026-01-31",{"date":355,"score":275,"percentile":356},"2026-02-01",0.98248,[358,364],{"source":95,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":359,"cvss_v4_0":9},{"baseScore":360,"baseSeverity":361,"vectorString":362,"impactScore":87,"exploitabilityScore":363},8.8,"HIGH","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",7.2,{"source":89,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":365,"cvss_v4_0":9},{"baseScore":87,"baseSeverity":366,"vectorString":90,"impactScore":87,"exploitabilityScore":367},"CRITICAL",10,[369,378],{"ecosystem":9,"name":112,"vendor":370,"product":371,"cpe_part":372,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":373},"samsung electronics","magicinfo 9 server","a",[374],{"version":375,"is_range":59,"range_type":95,"version_start":9,"version_start_type":9,"version_end":376,"version_end_type":377,"fixed_in":9},"\u003C 21.1050","21.1050","excluding",{"ecosystem":9,"name":112,"vendor":9,"product":112,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":379},[380,383],{"version":381,"is_range":59,"range_type":382,"version_start":9,"version_start_type":9,"version_end":376,"version_end_type":377,"fixed_in":9},"lt21.1050","cpe",{"version":384,"is_range":59,"range_type":382,"version_start":9,"version_start_type":9,"version_end":385,"version_end_type":377,"fixed_in":9},"lt21.1050.0","21.1050.0"]