Description
Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege.
Published: 2026-03-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Write with Smart Switch privileges
Action: Patch Immediately
AI Analysis

Impact

Firmware within Smart Switch before version 3.7.69.15 permits an attacker to traverse directories and overwrite any file the application can access, thereby enabling arbitrary file modification. This flaw is a classic path–traversal defect (CWE‑22) that could allow modification of critical system files, potentially leading to privilege escalation or other destructive effects.

Affected Systems

Samsung Mobile Smart Switch on all versions earlier than 3.7.69.15. No other vendors or products are listed as affected.

Risk and Exploitability

The vulnerability carries a CVSS base score of 7.1, indicating a moderate‑to‑high impact assessment. The EPSS score is less than 1%, suggesting a low probability of exploitation at this time, and the issue is not registered in CISA’s KEV catalog. The attack vector is inferred to be local or adjacent; an attacker with proximity to the device or ability to influence the installation context can exploit the traversal to overwrite files controlled by Smart Switch. No indirect exploitation path or remote trigger is documented in the provided data.

Generated by OpenCVE AI on April 1, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Smart Switch update (version 3.7.69.15 or newer) to eliminate the path traversal flaw.
  • Verify that the Smart Switch installation directory and its files are not writable by non‑privileged users.
  • Monitor the application directories for unexpected file modifications and investigate any anomalies promptly.
  • If an update is not immediately available, limit access to the Smart Switch installation area and consider uninstalling the application until a patch can be applied.

Generated by OpenCVE AI on April 1, 2026 at 05:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Smart Switch Path Traversal Allowing Arbitrary File Overwrite

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Path Traversal in Smart Switch Enabling Arbitrary File Overwrite
Weaknesses CWE-284

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:samsung:smart_switch:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title Path Traversal in Smart Switch Enabling Arbitrary File Overwrite
Weaknesses CWE-22
CWE-284

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Smart Switch Path Traversal Enables Arbitrary File Overwrite
Weaknesses CWE-20
CWE-22

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Smart Switch Path Traversal Enables Arbitrary File Overwrite
Weaknesses CWE-20
CWE-22

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Adjacent Path Traversal in Samsung Smart Switch Permits Arbitrary File Overwrite
Weaknesses CWE-22

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Adjacent Path Traversal in Samsung Smart Switch Permits Arbitrary File Overwrite
Weaknesses CWE-22

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Path Traversal Allowing Arbitrary File Overwrite in Samsung Smart Switch
Weaknesses CWE-22

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Path Traversal Allowing Arbitrary File Overwrite in Samsung Smart Switch
Weaknesses CWE-22

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Smart Switch Path Traversal Enables Arbitrary File Overwrite
Weaknesses CWE-22

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Smart Switch Path Traversal Enables Arbitrary File Overwrite
Weaknesses CWE-22

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung smart Switch
Vendors & Products Samsung
Samsung smart Switch

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 04:45:00 +0000

Type Values Removed Values Added
Description Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege.
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Smart Switch
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-03-16T13:19:35.051Z

Reserved: 2025-12-11T01:33:35.802Z

Link: CVE-2026-21005

cve-icon Vulnrichment

Updated: 2026-03-16T13:15:45.613Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:11.640

Modified: 2026-03-31T00:30:23.410

Link: CVE-2026-21005

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T08:00:11Z

Weaknesses