Smart Switch
CVE-2025-21078
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications.
AnalysisAI
Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications. Affected products include: Samsung Smart Switch. Version information: version 3.7.68.6.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Smart Switch
View allSmart Switch versions prior to 3.7.69.15 contain a replay attack vulnerability in the authentication mechanism that allo
Samsung Smart Switch versions prior to 3.7.69.15 contain an authentication bypass vulnerability that allows unauthentica
A cryptographic downgrade vulnerability in Samsung Smart Switch allows remote attackers to force the application to use
A path traversal vulnerability in Smart Switch (CVSS 7.1) that allows adjacent attackers. High severity vulnerability re
Smart Switch versions prior to 3.7.69.15 contain an improper authentication vulnerability that allows adjacent network a
Smart Switch versions prior to 3.7.69.15 contain an exposure of sensitive functionality vulnerability that allows remote
A security vulnerability in Smart Switch installed on non-Samsung Device (CVSS 5.0) that allows local attackers. Remedia
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today