Magicinfo 9 Server
CVE-2026-25202
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1.
AnalysisAI
Hardcoded database credentials in Samsung MagicInfo9 Server allow direct database access and manipulation.
Technical ContextAI
CWE-798 hardcoded database credentials. Known credentials enable direct database access.
RemediationAI
Apply vendor update. Change database credentials if possible.
More in Magicinfo 9 Server
View allSamsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary
Unauthenticated file upload leading to stored XSS and potential RCE in Samsung MagicInfo9 Server. HTML files uploaded wi
Remote code execution in MagicInfo 9 Server (versions prior to 21.1090.1) allows unauthenticated attackers to upload arb
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today