CVE-2024-7399

ENISA EUVD: EUVD-2024-48330 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 4 articles Published: 2024-08-09

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

72.93%

probability

This CVE has a 72.93% probability of being exploited in the next 30 days.

0% Top 98.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

Affected Products

Samsung Electronics

MagicINFO 9 Server

samsung

magicinfo 9 server

Samsung Electronics

MagicINFO 9 Server

0 <21.1050

Attack Intelligence

CWE-22 · Path Traversal CWE-434 · Unrestricted File Upload CWE-664 · Improper Control of a Resource Through its Lifetime CWE-669 CWE-706 · Use of Incorrectly-Resolved Name or Reference

Exploits & PoC

davidxbors/CVE-2024-7399-POC

0 2025-05-30

1 repo — triés par ⭐ Rechercher sur GitHub ↗

https://security.samsungtv.com/securityUpdates

vendor-advisory

Signal Intelligence

Confidenceⓘ

85%

EPSS 72.93%

CVSS v3.1 8.8

Mentions 4

Last Seen Apr 24, 2026

CNA Information

CNA Assigner

samsung.tv_appliance

Analyst Note

The article explicitly states Samsung patched an 'actively exploited zero-day reported by WhatsApp,' and CVE-2024-7399 is a 2024 Samsung vulnerability patched in August with high CVSS score (8.8). The timing (CVE published 2024-08-09, patch in v21.1050) aligns with active exploitation preceding patch availability, meeting zero-day criteria.

Threat Actors 1

Mana Team

apt_group 🇨🇳 CN

Triage Info

Decided atMar 05, 2026

Published DateAug 09, 2024