Samsung

In late 2024, attackers began exploiting CVE-2024-7399, an easily reachable path traversal flaw in Samsung MagicINFO v9 Server, to deploy a malicious JSP payload. The vulnerability allowed unauthenticated actors to upload and execute arbitrary scripts on signage management servers, which are commonly deployed in retail stores, transportation hubs, corporate lobbies and healthcare facilities. Once executed, the payload installed a downloader for the Mirai botnet, turning commercial displays into nodes for distributed denial-of-service attacks. Although no sensitive customer or employee information was stolen, the intrusion compromised system integrity and posed a risk of large-scale service disruptions. Administrators reported sporadic outages of digital signage and unusual outbound connections from Windows Server instances. Samsung released a patch in August 2024, but exploitation surged after a proof-of-concept exploit was published. Organizations running MagicINFO v9 prior to version 21.1050.0 faced ongoing exposure until they applied the update. The incident underscores the critical need for timely patch management to avoid opportunistic bottleneck attacks on nontraditional devices.

Source: https://www.helpnetsecurity.com/2025/05/06/exploited-vulnerability-software-managing-samsung-digital-displays-cve-2024-7399/

"id": "sam301050625",
"linkid": "samsungmobile",
"type": "Vulnerability",
"date": "5/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"