Samsung Smart Switch vulnerabilities

CVE-2026-20996 [HIGH] CWE-327 CVE-2026-20996: Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows r Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication.

CVE-2026-20999 [HIGH] CWE-294 CVE-2026-20999: Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers t Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.

CVE-2026-20998 [HIGH] CVE-2026-20998: Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication.

CVE-2026-21005 [HIGH] CWE-22 CVE-2026-21005: Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arb Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege.

CVE-2026-20997 [MEDIUM] CWE-347 CVE-2026-20997: Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows r Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication.

CVE-2026-20995 [MEDIUM] CWE-306 CVE-2026-20995: Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69 Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration.

CVE-2026-21004 [MEDIUM] CWE-287 CVE-2026-21004: Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trig Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service.

CVE-2025-21078 [HIGH] CVE-2025-21078: Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adj Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications.

CVE-2025-21062 [HIGH] CWE-327 CVE-2025-21062: Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows lo Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.

CVE-2025-21064 [HIGH] CVE-2025-21064: Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to acces Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.

CVE-2025-21061 [HIGH] CWE-312 CVE-2025-21061: Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local at Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability.

CVE-2025-21060 [MEDIUM] CWE-312 CVE-2025-21060: Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local at Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability.

CVE-2025-20996 [MEDIUM] CVE-2025-20996: Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 al Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability.