Description
Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication.
Published: 2026-03-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Patch Now
AI Analysis

Impact

The vulnerability involves an incorrect or missing check on the cryptographic signature used by Samsung Smart Switch. Because the application does not properly validate signature data, an attacker can supply a malicious payload that is mistakenly authenticated. This can lead to unauthorized account access or other privileged operations within the application. The weakness is classified as CWE‑347.

Affected Systems

Samsung Mobile Smart Switch versions before 3.7.69.15 are affected. The issue exists across all instances of Smart Switch running those releases on Android devices.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate impact, and the EPSS score of less than 1% shows a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the weakness allows remote attackers to bypass authentication, the attack vector is likely remote, possibly via the file transfer feature of Smart Switch. No exploit details or conditions are publicly documented, but if an attacker can deliver a crafted file or data stream to the application, the bypass can be executed.

Generated by OpenCVE AI on April 1, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Samsung Smart Switch update (version 3.7.69.15 or later)
  • Ensure cryptographic signature verification is enabled and functioning
  • Monitor for unusual authentication activity

Generated by OpenCVE AI on April 1, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Improper Cryptographic Signature Verification Enables Bypassing Authentication in Samsung Smart Switch

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Improper Signature Verification in Samsung Smart Switch Enables Authentication Bypass
Weaknesses CWE-290
CWE-328

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347
CPEs cpe:2.3:a:samsung:smart_switch:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title Improper Signature Verification in Samsung Smart Switch Enables Authentication Bypass
Weaknesses CWE-290
CWE-328

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Improper Verification of Cryptographic Signature Allows Authentication Bypass in Samsung Smart Switch
Weaknesses CWE-285

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Improper Verification of Cryptographic Signature Allows Authentication Bypass in Samsung Smart Switch
Weaknesses CWE-285

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Improper Signature Verification in Samsung Smart Switch
Weaknesses CWE-295

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Improper Signature Verification in Samsung Smart Switch
Weaknesses CWE-295

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Improper Signature Verification in Samsung Smart Switch Enables Authentication Bypass
Weaknesses CWE-326
CWE-602

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Improper Signature Verification in Samsung Smart Switch Enables Authentication Bypass
Weaknesses CWE-326
CWE-602

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Improper Verification of Cryptographic Signature in Samsung Smart Switch Allows Authentication Bypass
Weaknesses CWE-295
CWE-326

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Improper Verification of Cryptographic Signature in Samsung Smart Switch Allows Authentication Bypass
Weaknesses CWE-295
CWE-326

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung smart Switch
Vendors & Products Samsung
Samsung smart Switch

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 04:45:00 +0000

Type Values Removed Values Added
Description Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication.
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Smart Switch
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-03-16T13:19:35.995Z

Reserved: 2025-12-11T01:33:35.801Z

Link: CVE-2026-20997

cve-icon Vulnrichment

Updated: 2026-03-16T13:15:56.390Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:10.700

Modified: 2026-03-31T00:35:49.540

Link: CVE-2026-20997

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T08:00:16Z

Weaknesses