CVE-2026-25202 PUBLISHED

Assigner: samsung.tv_appliance
Reserved: 30.01.2026 Published: 02.02.2026 Updated: 03.02.2026

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Samsung Electronics
Product	MagicINFO 9 Server
Versions	Default: unaffected Version 21.1090.1 is affected

References

https://security.samsungtv.com/securityUpdates

Problem Types

CWE-798 Use of Hard-coded Credentials CWE

Impacts

CAPEC-203 Manipulate Registry Information