CVE-2024-7399

CriticalKnown Exploited

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows…

samsung.tv_appliance·CWE-22·Published 2024-08-09

CVSS

9.8

EPSS

0.92

KEV

Yes

Exploits

Vendor statements (1)

security.samsungtv.com

cve.orgen

188 chars

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

NVDes

237 chars

La limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido en la versión Samsung MagicINFO 9 Server anterior a la 21.1050 permite a los atacantes escribir archivos arbitrarios como autoridad del sistema.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H