Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication.
AnalysisAI
A cryptographic downgrade vulnerability in Samsung Smart Switch allows remote attackers to force the application to use weak authentication schemes during device-to-device transfers. The vulnerability affects Smart Switch versions prior to 3.7.69.15 and requires user interaction to exploit, potentially exposing sensitive data during the transfer process between Samsung devices. With a CVSS 4.0 score of 7.1 and no current evidence of active exploitation or public proof-of-concept code, this represents a moderate risk primarily to Samsung device users performing data migrations.
Technical ContextAI
Smart Switch is Samsung's official data transfer application used to migrate content between mobile devices, particularly when users upgrade to new Samsung phones. The vulnerability stems from the use of broken or risky cryptographic algorithms that can be manipulated by attackers to downgrade the authentication scheme used during device pairing and data transfer. While no specific CWE identifier is assigned, this vulnerability class typically relates to insufficient cryptographic strength (similar to CWE-326) or improper certificate validation, allowing attackers on the same network to intercept and potentially modify the authentication handshake between devices.
RemediationAI
Update Samsung Smart Switch to version 3.7.69.15 or later immediately through the Google Play Store, Galaxy Store, or Apple App Store depending on your device platform. For environments where immediate patching is not possible, advise users to only perform Smart Switch transfers on trusted networks, avoid public WiFi during device migrations, and verify the authenticity of connection requests during the transfer process. Enterprise environments should consider blocking older Smart Switch versions through mobile device management policies until all devices can be updated to the patched version.
More in Smart Switch
View allSmart Switch versions prior to 3.7.69.15 contain a replay attack vulnerability in the authentication mechanism that allo
Samsung Smart Switch versions prior to 3.7.69.15 contain an authentication bypass vulnerability that allows unauthentica
A path traversal vulnerability in Smart Switch (CVSS 7.1) that allows adjacent attackers. High severity vulnerability re
Smart Switch versions prior to 3.7.69.15 contain an improper authentication vulnerability that allows adjacent network a
Smart Switch versions prior to 3.7.69.15 contain an exposure of sensitive functionality vulnerability that allows remote
A security vulnerability in Smart Switch installed on non-Samsung Device (CVSS 5.0) that allows local attackers. Remedia
Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to a
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12309