Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.
AnalysisAI
Smart Switch versions prior to 3.7.69.15 contain a replay attack vulnerability in the authentication mechanism that allows remote attackers to bypass security controls and execute privileged functions without valid credentials. The vulnerability requires user interaction to trigger but poses a significant risk as no patch is currently available. Organizations using affected Smart Switch deployments should implement network-level controls to restrict access until an update is released.
Technical ContextAI
Smart Switch is Samsung's data transfer application used to migrate content between devices. The vulnerability stems from improper validation of authentication tokens or session credentials, allowing attackers to capture and replay legitimate authentication sequences to bypass security controls. While no specific CWE is assigned, this type of flaw typically falls under authentication bypass categories such as CWE-294 (Authentication Bypass by Capture-replay). The network-based attack vector indicates the vulnerability can be exploited remotely without local access to the affected system.
RemediationAI
Upgrade Samsung Smart Switch to version 3.7.69.15 or later to address this authentication bypass vulnerability. Users can update through the Samsung Smart Switch application's built-in update mechanism or download the latest version from Samsung's official website. As a temporary mitigation, limit the use of Smart Switch to trusted networks only and avoid using it on public or untrusted Wi-Fi networks where attackers could potentially capture authentication traffic for replay attacks.
More in Smart Switch
View allSamsung Smart Switch versions prior to 3.7.69.15 contain an authentication bypass vulnerability that allows unauthentica
A cryptographic downgrade vulnerability in Samsung Smart Switch allows remote attackers to force the application to use
A path traversal vulnerability in Smart Switch (CVSS 7.1) that allows adjacent attackers. High severity vulnerability re
Smart Switch versions prior to 3.7.69.15 contain an improper authentication vulnerability that allows adjacent network a
Smart Switch versions prior to 3.7.69.15 contain an exposure of sensitive functionality vulnerability that allows remote
A security vulnerability in Smart Switch installed on non-Samsung Device (CVSS 5.0) that allows local attackers. Remedia
Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to a
Same weakness CWE-294 – Authentication Bypass by Capture-replay
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12315