Skip to main content

Smart Switch CVE-2026-21004

| EUVDEUVD-2026-12323 MEDIUM
Improper Authentication (CWE-287)
2026-03-16 SamsungMobile
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 05:00 euvd
EUVD-2026-12323
Analysis Generated
Mar 16, 2026 - 05:00 vuln.today
CVE Published
Mar 16, 2026 - 04:35 nvd
MEDIUM 6.9

DescriptionCVE.org

Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service.

AnalysisAI

Smart Switch versions prior to 3.7.69.15 contain an improper authentication vulnerability that allows adjacent network attackers to trigger denial of service conditions without requiring user privileges or interaction. The vulnerability has a CVSS score of 6.9 with medium-to-high availability impact, making it a notable threat in local network environments where Smart Switch is deployed.

Technical ContextAI

The vulnerability stems from improper authentication mechanisms in Smart Switch, a device management application used for switching and synchronizing data across devices. The root cause is classified as an authentication bypass or insufficient authentication check (related to CWE categories such as CWE-287 Improper Authentication or CWE-306 Missing Authentication for Critical Function), allowing an attacker on the adjacent network (same local network segment) to bypass authentication controls and send malicious requests. The CVSS vector AV:A (Adjacent Vector) indicates the attacker must be on the same network segment, AC:L (Low Complexity) means exploitation requires no special conditions, and PR:N (No Privileges) confirms no prior access is needed. The VA:H (Availability High Impact) designation indicates the attacker can completely disable or severely degrade service availability.

RemediationAI

Upgrade Samsung Smart Switch to version 3.7.69.15 or later immediately. This version contains the necessary authentication fixes to prevent the denial of service attack. For environments where immediate patching is not feasible, implement network segmentation to restrict Smart Switch access to trusted, managed devices only and disable network access from untrusted or guest network segments. Additionally, monitor Smart Switch logs for unusual authentication attempts or service disruptions that may indicate exploitation attempts. Ensure all deployment instances are kept current with the latest vendor patches and security updates.

Share

CVE-2026-21004 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy