Description
Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration.
Published: 2026-03-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Configuration Modification
Action: Patch Immediately
AI Analysis

Impact

The flaw in Samsung Smart Switch arises from an absent authentication check, allowing an attacker to set a specific configuration value without verification. This leads to unauthorized changes in application settings, compromising the device’s integrity and opening doors for further escalation. The weakness falls under an inappropriate restriction of authority.

Affected Systems

All Samsung Mobile Smart Switch installations older than version 3.7.69.15 are vulnerable. Devices running those versions can be altered remotely through the application interface.

Risk and Exploitability

The CVSS score of 5.3 reflects moderate severity, while the low exploitation likelihood advises caution. The vulnerability can be exploited remotely via the Smart Switch interface, requiring network access to the device. Because it is not part of the known exploited vulnerabilities catalog, active monitoring is recommended but the immediate risk remains manageable.

Generated by OpenCVE AI on April 1, 2026 at 07:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Smart Switch to version 3.7.69.15 or later
  • If updating is not immediately possible, isolate the device from untrusted networks and allow Smart Switch traffic only from trusted origins
  • Enable and review configuration change logs for any anomalous activity

Generated by OpenCVE AI on April 1, 2026 at 07:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Unauthorized Remote Configuration Modification in Samsung Smart Switch

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Unauthorized Remote Configuration in Samsung Smart Switch
Weaknesses CWE-285
CWE-862

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-306
CPEs cpe:2.3:a:samsung:smart_switch:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title Unauthorized Remote Configuration in Samsung Smart Switch
Weaknesses CWE-285
CWE-862

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Smart Switch Unauthorized Configuration Setting Vulnerability
Weaknesses CWE-200
CWE-285

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Smart Switch Unauthorized Configuration Setting Vulnerability
Weaknesses CWE-200
CWE-285

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Unauthorized Configuration Change via Samsung Smart Switch
Weaknesses CWE-284

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Unauthorized Configuration Change via Samsung Smart Switch
Weaknesses CWE-284

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Remote Configuration Manipulation in Samsung Smart Switch Prior to 3.7.69.15
Weaknesses CWE-269
CWE-640

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Remote Configuration Manipulation in Samsung Smart Switch Prior to 3.7.69.15
Weaknesses CWE-269
CWE-640

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Sensitive Functionality Exposure Allows Remote Configuration Change in Samsung Smart Switch
Weaknesses CWE-284

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Sensitive Functionality Exposure Allows Remote Configuration Change in Samsung Smart Switch
Weaknesses CWE-284

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung smart Switch
Vendors & Products Samsung
Samsung smart Switch

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 04:45:00 +0000

Type Values Removed Values Added
Description Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration.
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Smart Switch
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-03-16T13:19:36.465Z

Reserved: 2025-12-11T01:33:35.801Z

Link: CVE-2026-20995

cve-icon Vulnrichment

Updated: 2026-03-16T13:16:00.631Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:10.430

Modified: 2026-03-31T00:29:07.777

Link: CVE-2026-20995

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T08:00:17Z

Weaknesses