Description
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Samsung Electronics / MagicINFO 9 Server0 – 21.1050
Exploits & proofs of concept
- nucleiSamsung MagicINFO 9 Server 21.1050.0 - Remote Code Executionby iamnoooob,pdresearch