SSD Advisory - Samsung MagicINFO Unauthenticated RCE - SSD Secure Disclosure
ssd-disclosure.com
Summary MagicINFO exposes an endpoint which: Wrapping all together it is possible to upload a JSP file to execute arbitrary server-side code without having a valid user. Credit An independent security researcher working with SSD Secure Disclosure. Vendor Response The vendor has been sent the information on the 12th of Jan 2025, a duplicate notice … SSD Advisory – Samsung MagicINFO Unauthenticated RCE Read More »