Smart Switch
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21005 | 0.00 | — | 0.00 | Mar 16, 2026 | Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege. | |||
| CVE-2026-21004 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. | |||
| CVE-2026-20999 | 0.00 | — | 0.00 | Mar 16, 2026 | Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. | |||
| CVE-2026-20998 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | |||
| CVE-2026-20997 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. | |||
| CVE-2026-20996 | 0.00 | — | 0.00 | Mar 16, 2026 | Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | |||
| CVE-2026-20995 | 0.00 | — | 0.00 | Mar 16, 2026 | Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration. | |||
| CVE-2025-21078 | 0.00 | — | 0.00 | Nov 5, 2025 | Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications. | |||
| CVE-2025-21064 | 0.00 | — | 0.00 | Oct 10, 2025 | Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data. | |||
| CVE-2025-21062 | 0.00 | — | 0.00 | Oct 10, 2025 | Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-21061 | 0.00 | — | 0.00 | Oct 10, 2025 | Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-21060 | 0.00 | — | 0.00 | Oct 10, 2025 | Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-20996 | 0.00 | — | 0.00 | Jun 4, 2025 | Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability. | |||
| CVE-2023-30673 | 0.00 | — | 0.00 | Jul 6, 2023 | Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction. | |||
| CVE-2023-30672 | 0.00 | — | 0.00 | Jul 6, 2023 | Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction. | |||
| CVE-2022-39846 | 0.00 | — | 0.00 | Sep 9, 2022 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. | |||
| CVE-2022-39844 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction. | |||
| CVE-2022-27842 | 0.00 | — | 0.00 | Apr 11, 2022 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code. |
- CVE-2026-21005Mar 16, 2026risk 0.00cvss —epss 0.00
Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege.
- CVE-2026-21004Mar 16, 2026risk 0.00cvss —epss 0.00
Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service.
- CVE-2026-20999Mar 16, 2026risk 0.00cvss —epss 0.00
Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.
- CVE-2026-20998Mar 16, 2026risk 0.00cvss —epss 0.00
Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication.
- CVE-2026-20997Mar 16, 2026risk 0.00cvss —epss 0.00
Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication.
- CVE-2026-20996Mar 16, 2026risk 0.00cvss —epss 0.00
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication.
- CVE-2026-20995Mar 16, 2026risk 0.00cvss —epss 0.00
Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration.
- CVE-2025-21078Nov 5, 2025risk 0.00cvss —epss 0.00
Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications.
- CVE-2025-21064Oct 10, 2025risk 0.00cvss —epss 0.00
Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.
- CVE-2025-21062Oct 10, 2025risk 0.00cvss —epss 0.00
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.
- CVE-2025-21061Oct 10, 2025risk 0.00cvss —epss 0.00
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability.
- CVE-2025-21060Oct 10, 2025risk 0.00cvss —epss 0.00
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability.
- CVE-2025-20996Jun 4, 2025risk 0.00cvss —epss 0.00
Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability.
- CVE-2023-30673Jul 6, 2023risk 0.00cvss —epss 0.00
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction.
- CVE-2023-30672Jul 6, 2023risk 0.00cvss —epss 0.00
Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction.
- CVE-2022-39846Sep 9, 2022risk 0.00cvss —epss 0.00
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.
- CVE-2022-39844Sep 9, 2022risk 0.00cvss —epss 0.00
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.
- CVE-2022-27842Apr 11, 2022risk 0.00cvss —epss 0.00
DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.