module
Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)
| Disclosed | Created |
|---|---|
| Apr 30, 2025 | May 19, 2025 |
Disclosed
Apr 30, 2025
Created
May 19, 2025
Description
Remote Code Execution in Samsung MagicINFO 9 Server
Remote code execution can be obtained by exploiting the path traversal vulnerability (CVE-2024-7399) in the SWUpdateFileUploader servlet,
which can be queried by an unauthenticated user to upload a JSP shell.
By default, the application listens on TCP ports 7001 (HTTP) and 7002 (HTTPS) on all network interfaces and runs in the context of NT AUTHORITY\SYSTEM.
Remote code execution can be obtained by exploiting the path traversal vulnerability (CVE-2024-7399) in the SWUpdateFileUploader servlet,
which can be queried by an unauthenticated user to upload a JSP shell.
By default, the application listens on TCP ports 7001 (HTTP) and 7002 (HTTPS) on all network interfaces and runs in the context of NT AUTHORITY\SYSTEM.
Authors
Michael Heinzl
SSD Secure Disclosure
SSD Secure Disclosure
Platform
Windows
Architectures
java
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.