Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service.
AnalysisAI
Smart Switch versions prior to 3.7.69.15 contain an improper authentication vulnerability that allows adjacent network attackers to trigger denial of service conditions without requiring user privileges or interaction. The vulnerability has a CVSS score of 6.9 with medium-to-high availability impact, making it a notable threat in local network environments where Smart Switch is deployed.
Technical ContextAI
The vulnerability stems from improper authentication mechanisms in Smart Switch, a device management application used for switching and synchronizing data across devices. The root cause is classified as an authentication bypass or insufficient authentication check (related to CWE categories such as CWE-287 Improper Authentication or CWE-306 Missing Authentication for Critical Function), allowing an attacker on the adjacent network (same local network segment) to bypass authentication controls and send malicious requests. The CVSS vector AV:A (Adjacent Vector) indicates the attacker must be on the same network segment, AC:L (Low Complexity) means exploitation requires no special conditions, and PR:N (No Privileges) confirms no prior access is needed. The VA:H (Availability High Impact) designation indicates the attacker can completely disable or severely degrade service availability.
RemediationAI
Upgrade Samsung Smart Switch to version 3.7.69.15 or later immediately. This version contains the necessary authentication fixes to prevent the denial of service attack. For environments where immediate patching is not feasible, implement network segmentation to restrict Smart Switch access to trusted, managed devices only and disable network access from untrusted or guest network segments. Additionally, monitor Smart Switch logs for unusual authentication attempts or service disruptions that may indicate exploitation attempts. Ensure all deployment instances are kept current with the latest vendor patches and security updates.
More in Smart Switch
View allSmart Switch versions prior to 3.7.69.15 contain a replay attack vulnerability in the authentication mechanism that allo
Samsung Smart Switch versions prior to 3.7.69.15 contain an authentication bypass vulnerability that allows unauthentica
A cryptographic downgrade vulnerability in Samsung Smart Switch allows remote attackers to force the application to use
A path traversal vulnerability in Smart Switch (CVSS 7.1) that allows adjacent attackers. High severity vulnerability re
Smart Switch versions prior to 3.7.69.15 contain an exposure of sensitive functionality vulnerability that allows remote
A security vulnerability in Smart Switch installed on non-Samsung Device (CVSS 5.0) that allows local attackers. Remedia
Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to a
Same weakness CWE-287 – Improper Authentication
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12323