Description
Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.
Published: 2026-03-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Privilege Escalation
Action: Patch Now
AI Analysis

Impact

The vulnerability allows an attacker to bypass authentication through a replay attack on Samsung Mobile Smart Switch. By replaying legitimate authentication data, the attacker can trigger privileged functions without proper authorization, effectively gaining elevated privileges on the device or service. This flaw is a classic example of improper authentication (CWE‑294).

Affected Systems

Samsung Mobile Smart Switch devices running any version prior to 3.7.69.15 are affected. Users of earlier builds should verify their installed version and plan to update accordingly.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity, and the EPSS score of less than 1% suggests that widespread exploitation is currently unlikely, although the vulnerability is not catalogued in CISA’s KEV. The attack vector is remote, relying on the ability to replay authentication data to the Smart Switch service; no local privilege or physical access is required for exploitation.

Generated by OpenCVE AI on April 1, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Samsung Smart Switch update (version 3.7.69.15 or later) to all affected devices
  • Verify that the update has been successfully installed and that the device reports the updated version
  • If immediate update is not feasible, restrict or disable Smart Switch features that allow authentication replay until a patch is applied
  • Monitor device logs for abnormal authentication replay attempts and investigate any suspicious activity

Generated by OpenCVE AI on April 1, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Replay Attack in Samsung Smart Switch Allowing Remote Privilege Escalation

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Replay in Samsung Smart Switch Allows Privileged Function Execution
Weaknesses CWE-287

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-294
CPEs cpe:2.3:a:samsung:smart_switch:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Replay in Samsung Smart Switch Allows Privileged Function Execution
Weaknesses CWE-287

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Replay Attack Exposing Privileged Functions in Samsung Smart Switch
Weaknesses CWE-287

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Replay Attack Exposing Privileged Functions in Samsung Smart Switch
Weaknesses CWE-287

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Replay in Samsung Smart Switch Enabling Privileged Function Execution
Weaknesses CWE-287

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Replay in Samsung Smart Switch Enabling Privileged Function Execution
Weaknesses CWE-287

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass by Replay in Samsung Smart Switch
Weaknesses CWE-286

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass by Replay in Samsung Smart Switch
Weaknesses CWE-286

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Replay in Samsung Smart Switch
Weaknesses CWE-613

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Replay in Samsung Smart Switch
Weaknesses CWE-613

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung smart Switch
Vendors & Products Samsung
Samsung smart Switch

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 04:45:00 +0000

Type Values Removed Values Added
Description Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Smart Switch
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-03-16T13:19:35.560Z

Reserved: 2025-12-11T01:33:35.802Z

Link: CVE-2026-20999

cve-icon Vulnrichment

Updated: 2026-03-16T13:15:52.211Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:10.953

Modified: 2026-03-31T00:34:00.833

Link: CVE-2026-20999

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T08:00:13Z

Weaknesses