Description
Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication.
Published: 2026-03-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Patch Now
AI Analysis

Impact

The vulnerability is an improper authentication flaw that allows remote attackers to bypass authentication in Samsung Mobile Smart Switch, enabling unauthorized access to protected functions. This could let attackers perform unauthenticated operations, potentially compromising the confidentiality and integrity of user data.

Affected Systems

Affected are Samsung Mobile Smart Switch clients running versions earlier than 3.7.69.15. The flaw exists across all devices that use the Smart Switch application before that version.

Risk and Exploitability

The CVSS score of 7.1 indicates a high impact with potential for remote exploitation. EPSS is under 1%, showing a low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need remote access to the device and could bypass the authentication mechanism without additional prerequisites, potentially leading to unauthorized use of the application.

Generated by OpenCVE AI on April 1, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Samsung Mobile Smart Switch to version 3.7.69.15 or later
  • Consult Samsung’s advisory page for additional guidance

Generated by OpenCVE AI on April 1, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Remote Authentication Bypass in Samsung Mobile Smart Switch
Weaknesses CWE-284

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Samsung Smart Switch Before v3.7.69.15
Weaknesses CWE-285

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:samsung:smart_switch:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Samsung Smart Switch Before v3.7.69.15
Weaknesses CWE-285

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Samsung Smart Switch
Weaknesses CWE-287

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Samsung Smart Switch
Weaknesses CWE-287

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Samsung Mobile Smart Switch
Weaknesses CWE-287

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Samsung Mobile Smart Switch
Weaknesses CWE-287

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Samsung Smart Switch Authentication Bypass
Weaknesses CWE-287

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Samsung Smart Switch Authentication Bypass
Weaknesses CWE-287

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung smart Switch
Vendors & Products Samsung
Samsung smart Switch

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 04:45:00 +0000

Type Values Removed Values Added
Description Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication.
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Smart Switch
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-03-16T13:19:35.805Z

Reserved: 2025-12-11T01:33:35.801Z

Link: CVE-2026-20998

cve-icon Vulnrichment

Updated: 2026-03-16T13:15:54.304Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:10.827

Modified: 2026-03-31T00:34:49.670

Link: CVE-2026-20998

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T08:00:14Z

Weaknesses