Skip to main content

Smart Switch CVE-2026-20999

| EUVDEUVD-2026-12315 HIGH
Authentication Bypass by Capture-replay (CWE-294)
2026-03-16 SamsungMobile
7.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 05:00 euvd
EUVD-2026-12315
Analysis Generated
Mar 16, 2026 - 05:00 vuln.today
CVE Published
Mar 16, 2026 - 04:32 nvd
HIGH 7.1

DescriptionCVE.org

Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.

AnalysisAI

Smart Switch versions prior to 3.7.69.15 contain a replay attack vulnerability in the authentication mechanism that allows remote attackers to bypass security controls and execute privileged functions without valid credentials. The vulnerability requires user interaction to trigger but poses a significant risk as no patch is currently available. Organizations using affected Smart Switch deployments should implement network-level controls to restrict access until an update is released.

Technical ContextAI

Smart Switch is Samsung's data transfer application used to migrate content between devices. The vulnerability stems from improper validation of authentication tokens or session credentials, allowing attackers to capture and replay legitimate authentication sequences to bypass security controls. While no specific CWE is assigned, this type of flaw typically falls under authentication bypass categories such as CWE-294 (Authentication Bypass by Capture-replay). The network-based attack vector indicates the vulnerability can be exploited remotely without local access to the affected system.

RemediationAI

Upgrade Samsung Smart Switch to version 3.7.69.15 or later to address this authentication bypass vulnerability. Users can update through the Samsung Smart Switch application's built-in update mechanism or download the latest version from Samsung's official website. As a temporary mitigation, limit the use of Smart Switch to trusted networks only and avoid using it on public or untrusted Wi-Fi networks where attackers could potentially capture authentication traffic for replay attacks.

Share

CVE-2026-20999 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy