Description
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication.
Published: 2026-03-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Downgrade
Action: Patch
AI Analysis

Impact

The vulnerability is caused by Samsung Smart Switch using a compromised cryptographic algorithm in versions prior to 3.7.69.15. This flaw permits a remote attacker to force the application into a weaker authentication scheme, thereby lowering the security of user credentials. The downgrade allows the attacker to authenticate with reduced protection, which could enable access to data and services normally tied to the user, though the full extent of data exposure is not explicitly detailed.

Affected Systems

Samsung Smart Switch installations on Samsung Mobile devices running any version older than 3.7.69.15 are affected. Users of these older firmware versions are directly exposed to the risk of authentication downgrade.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate to high severity, while the EPSS score of less than 1% signals a low probability of widespread exploitation at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that an attacker would need to remotely trigger the downgrade through the Smart Switch service, most likely via a network-based attack vector, and no local privilege escalation or code execution is required. The attack could result in unauthorized access to user data if the downgrade is successfully applied.

Generated by OpenCVE AI on March 31, 2026 at 06:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Samsung Smart Switch to version 3.7.69.15 or later.

Generated by OpenCVE AI on March 31, 2026 at 06:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Risky Cryptographic Algorithm Allows Authentication Downgrade in Samsung Smart Switch

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:samsung:smart_switch:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title Risky Cryptographic Algorithm Allows Authentication Downgrade in Samsung Smart Switch
Weaknesses CWE-327

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Weak Cryptographic Algorithm Enables Authentication Downgrade in Samsung Smart Switch
Weaknesses CWE-327

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Weak Cryptographic Algorithm Enables Authentication Downgrade in Samsung Smart Switch
Weaknesses CWE-327

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Smart Switch Vulnerability Enables Remote Authentication Downgrade
Weaknesses CWE-327

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Smart Switch Vulnerability Enables Remote Authentication Downgrade
Weaknesses CWE-327

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Broken cryptographic algorithm enables remote downgrade of authentication in Samsung Smart Switch
Weaknesses CWE-327

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Broken cryptographic algorithm enables remote downgrade of authentication in Samsung Smart Switch
Weaknesses CWE-327

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Remote Authentication Downgrade via Weak Cryptography in Samsung Smart Switch
Weaknesses CWE-327

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Remote Authentication Downgrade via Weak Cryptography in Samsung Smart Switch
Weaknesses CWE-327

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung smart Switch
Vendors & Products Samsung
Samsung smart Switch

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 04:45:00 +0000

Type Values Removed Values Added
Description Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication.
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Smart Switch
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-03-16T13:19:36.235Z

Reserved: 2025-12-11T01:33:35.801Z

Link: CVE-2026-20996

cve-icon Vulnrichment

Updated: 2026-03-16T13:15:58.458Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:10.570

Modified: 2026-03-31T00:29:54.270

Link: CVE-2026-20996

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:09:29Z

Weaknesses