Description
Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service.
Published: 2026-03-16
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

Smart Switch software releases prior to version 3.7.69.15 contain an authentication flaw that allows an attacker in close proximity to bypass the required login step and force the application to crash. The failure to properly verify user credentials is classified as an Authentication Failure (CWE‑287) and results in a denial of service, preventing legitimate users from transferring data or using the app normally. No escalation of privilege or data exfiltration is possible through this issue.

Affected Systems

All devices running Samsung Mobile Smart Switch that have not yet been updated to version 3.7.69.15 or later are affected. This includes both newer phones and older models that still use the legacy Smart Switch application for data migration. Users who rely on this application to move contacts, photos, or settings between Samsung devices are at risk.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low current likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, and no known active exploits have been reported. Based on the description, the attack vector is inferred to be local or adjacent, requiring the attacker to be physically near the device to trigger the denial of service via the buggy authentication logic.

Generated by OpenCVE AI on April 1, 2026 at 06:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Smart Switch to version 3.7.69.15 or a later release
  • If immediate update is not possible, isolate the device from nearby devices and shared networks to prevent an adjacent attacker from exploiting the flaw
  • Monitor Samsung security advisories for further updates or workarounds
  • Consider disabling Smart Switch temporarily if the application is not required



Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Improper Authentication in Smart Switch Enables Denial of Service

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Improper Authentication in Samsung Smart Switch
Weaknesses CWE-284

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287
NVD-CWE-noinfo
CPEs cpe:2.3:a:samsung:smart_switch:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Denial of Service via Improper Authentication in Samsung Smart Switch
Weaknesses CWE-284

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Improper authentication leading to denial of service in Samsung Smart Switch
Weaknesses CWE-285
CWE-718

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Improper authentication leading to denial of service in Samsung Smart Switch
Weaknesses CWE-285
CWE-718

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Improper Authentication Causing Denial of Service in Samsung Smart Switch
Weaknesses CWE-287
CWE-400

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Improper Authentication Causing Denial of Service in Samsung Smart Switch
Weaknesses CWE-287
CWE-400

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Improper Authentication in Samsung Smart Switch
Weaknesses CWE-287

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Improper Authentication in Samsung Smart Switch
Weaknesses CWE-287

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Improper Authentication Leading to Denial of Service in Samsung Smart Switch before v3.7.69.15
Weaknesses CWE-284

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Improper Authentication Leading to Denial of Service in Samsung Smart Switch before v3.7.69.15
Weaknesses CWE-284

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung smart Switch
Vendors & Products Samsung
Samsung smart Switch

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 04:45:00 +0000

Type Values Removed Values Added
Description Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service.
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-03-16T13:19:35.280Z

Reserved: 2025-12-11T01:33:35.802Z

Link: CVE-2026-21004

Vulnrichment

Updated: 2026-03-16T13:15:47.794Z

NVD

Status: Analyzed

Published: 2026-03-16T14:18:11.500

Modified: 2026-03-31T00:31:53.567

Link: CVE-2026-21004

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T08:00:12Z

Weaknesses