CISA (the US cybersecurity agency) has issued a warning stating that it has identified new vulnerabilities, including several that leave digital signage infrastructures open to exploit.
Among the named vulnerabilities is mention of Samsung MagicINFO, a digital signage platform. Samsung has issued patches over the last year to address vulnerabilities, but several on-premise servers remain unpatched, reports Sixteen:Nine. This has lead to continued exploitation, drawing the attention of the government.
“CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation,” the agency reports. These include:
CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability
CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability
CVE-2024-57728 SimpleHelp Path Traversal Vulnerability
CVE-2025-29635 D-Link DIR-823X Command Injection Vulnerability
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” says CISA.
