Samsung MagicINFO Unauthenticated RCE

ssd-disclosure.com

Samsung MagicINFO Unauthenticated RCE

ssd-disclosure.com

bOt@zerobytes.monsterM to Technical Information Security Content & Discussion@zerobytes.monster · 3 days ago

SSD Advisory - Samsung MagicINFO Unauthenticated RCE - SSD Secure Disclosure

ssd-disclosure.com

Summary MagicINFO exposes an endpoint which: Wrapping all together it is possible to upload a JSP file to execute arbitrary server-side code without having a valid user. Credit An independent security researcher working with SSD Secure Disclosure. Vendor Response The vendor has been sent the information on the 12th of Jan 2025, a duplicate notice … SSD Advisory – Samsung MagicINFO Unauthenticated RCE Read More »

The original post: /r/netsec by /u/Straight-Zombie-646 on 2025-04-30 09:23:05.

MagicINFO exposes an endpoint with several flaws that, when combined, allow an unauthenticated attacker to upload a JSP file and execute arbitrary server-side code.

You must log in or # to comment.

Chat