Platform: android
Component: smart-switch
Fixed in: 3.7.69.15
CVE-2026-21004 describes a Denial of Service (DoS) vulnerability affecting Samsung Smart Switch versions prior to 3.7.69.15. This vulnerability allows an attacker within close proximity to trigger a denial of service, potentially disrupting data transfer and device management operations. The vulnerability is fixed in version 3.7.69.15, and users are advised to upgrade promptly.
The primary impact of CVE-2026-21004 is a denial of service. An attacker, positioned physically near a device running a vulnerable version of Smart Switch, can exploit this flaw to render the application unresponsive. This could interrupt ongoing data transfers, prevent users from backing up their devices, or hinder other critical functions managed through Smart Switch. The attack requires physical proximity, limiting the immediate blast radius, but could be disruptive in environments where Smart Switch is frequently used, such as shared workspaces or public charging stations. While the vulnerability doesn't directly lead to data exfiltration, the disruption caused by the DoS could be leveraged as a distraction for other malicious activities.
CVE-2026-21004 was publicly disclosed on 2026-03-16. There are currently no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
Users who rely on Samsung Smart Switch for device management and data transfer, particularly those in shared environments like offices, libraries, or public transportation hubs, are at increased risk. Individuals using older, unpatched versions of Smart Switch are especially vulnerable.
• android / supply-chain: Get-Process -Name "SmartSwitch"
• android / supply-chain: Get-AppxPackage -Name "com.samsung.smartswitch"
• android / supply-chain: Check for unusual network activity originating from the Smart Switch application using Android's network monitoring tools.
• android / supply-chain: Review device logs for errors or crashes related to Smart Switch, which could indicate exploitation attempts.
EPSS: 0.03% (8th percentile)
The primary mitigation for CVE-2026-21004 is to upgrade Samsung Smart Switch to version 3.7.69.15 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime requirements, consider temporarily disabling Smart Switch when not in use to reduce the attack surface. While a direct WAF rule is not applicable, restricting physical access to devices running vulnerable versions of Smart Switch can significantly reduce the risk. There are no specific Sigma or YARA rules available for this vulnerability at this time.
Update the Smart Switch application to version 3.7.69.15 or later. This update fixes the improper authentication vulnerability that allows adjacent attackers to carry out denial-of-service attacks.
CVE-2026-21004 is a Denial of Service vulnerability in Samsung Smart Switch versions prior to 3.7.69.15, allowing a nearby attacker to disrupt the application's functionality.
You are affected if you are using a Samsung Smart Switch version earlier than 3.7.69.15. Check your app version and upgrade if necessary.
Upgrade to Samsung Smart Switch version 3.7.69.15 or later through the Google Play Store or Samsung Galaxy Store.
Currently, there are no confirmed reports of active exploitation of CVE-2026-21004, but it's recommended to apply the patch proactively.
Refer to the official Samsung Security Bulletin for details: https://security.samsung.com/