Samsung

In late 2024, attackers began exploiting CVE-2024-7399, an easily reachable path traversal flaw in Samsung MagicINFO v9 Server, to deploy a malicious JSP payload. The vulnerability allowed unauthenticated actors to upload and execute arbitrary scripts on signage management servers, which are commonly deployed in retail stores, transportation hubs, corporate lobbies and healthcare facilities. Once executed, the payload installed a downloader for the Mirai botnet, turning commercial displays into nodes for distributed denial-of-service attacks. Although no sensitive customer or employee information was stolen, the intrusion compromised system integrity and posed a risk of large-scale service disruptions. Administrators reported sporadic outages of digital signage and unusual outbound connections from Windows Server instances. Samsung released a patch in August 2024, but exploitation surged after a proof-of-concept exploit was published. Organizations running MagicINFO v9 prior to version 21.1050.0 faced ongoing exposure until they applied the update. The incident underscores the critical need for timely patch management to avoid opportunistic bottleneck attacks on nontraditional devices.

Source: https://www.helpnetsecurity.com/2025/05/06/exploited-vulnerability-software-managing-samsung-digital-displays-cve-2024-7399/

TPRM report: https://www.rankiteo.com/company/samsungmobile

"id": "sam301050625",
"linkid": "samsungmobile",
"type": "Vulnerability",
"date": "8/2024",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Electronics',
                        'name': 'Samsung',
                        'type': 'Corporation'}],
 'attack_vector': 'Path Traversal',
 'description': 'Attackers exploited CVE-2024-7399, a path traversal flaw in '
                'Samsung MagicINFO v9 Server, to deploy a malicious JSP '
                'payload. The vulnerability allowed unauthenticated actors to '
                'upload and execute arbitrary scripts on signage management '
                'servers. The payload installed a downloader for the Mirai '
                'botnet, turning commercial displays into nodes for '
                'distributed denial-of-service attacks. Although no sensitive '
                'customer or employee information was stolen, the intrusion '
                'compromised system integrity and posed a risk of large-scale '
                'service disruptions.',
 'impact': {'downtime': 'Sporadic outages of digital signage',
            'systems_affected': 'Signage management servers, Windows Server '
                                'instances'},
 'initial_access_broker': {'entry_point': 'Path Traversal'},
 'lessons_learned': 'The incident underscores the critical need for timely '
                    'patch management to avoid opportunistic bottleneck '
                    'attacks on nontraditional devices.',
 'motivation': 'DDoS Attacks',
 'post_incident_analysis': {'corrective_actions': 'Apply the patch released by '
                                                  'Samsung in August 2024',
                            'root_causes': 'CVE-2024-7399 vulnerability'},
 'title': 'Exploitation of CVE-2024-7399 in Samsung MagicINFO v9 Server',
 'type': 'Botnet Infection',
 'vulnerability_exploited': 'CVE-2024-7399'}