Platform: android
Component: smart-switch
Fixed version: 3.7.69.15
CVE-2026-21004 describes a Denial of Service (DoS) vulnerability affecting Samsung Smart Switch versions prior to 3.7.69.15. This vulnerability allows an attacker within close proximity to trigger a denial of service, potentially disrupting data transfer and device management operations. The vulnerability is fixed in version 3.7.69.15, and users are advised to upgrade promptly.
The primary impact of CVE-2026-21004 is a denial of service. An attacker, positioned physically near a device running a vulnerable version of Smart Switch, can exploit this flaw to render the application unresponsive. This could interrupt ongoing data transfers, prevent users from backing up their devices, or hinder other critical functions managed through Smart Switch. The attack requires physical proximity, limiting the immediate blast radius, but could be disruptive in environments where Smart Switch is frequently used, such as shared workspaces or public charging stations. While the vulnerability doesn't directly lead to data exfiltration, the disruption caused by the DoS could be leveraged as a distraction for other malicious activities.
CVE-2026-21004 was publicly disclosed on 2026-03-16. There are currently no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
Users who rely on Samsung Smart Switch for device management and data transfer, particularly those in shared environments like offices, libraries, or public transportation hubs, are at increased risk. Individuals using older, unpatched versions of Smart Switch are especially vulnerable.
• android / supply-chain:
Get-Process -Name "SmartSwitch"
• android / supply-chain:
Get-AppxPackage -Name "com.samsung.smartswitch"
• android / supply-chain: Check for unusual network activity originating from the Smart Switch application using Android's network monitoring tools.
• android / supply-chain: Review device logs for errors or crashes related to Smart Switch, which could indicate exploitation attempts.
disclosure
Exploit status
EPSS
0.03% (8th percentile)
CISA SSVC
The primary mitigation for CVE-2026-21004 is to upgrade Samsung Smart Switch to version 3.7.69.15 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime requirements, consider temporarily disabling Smart Switch when not in use to reduce the attack surface. While a direct WAF rule is not applicable, restricting physical access to devices running vulnerable versions of Smart Switch can significantly reduce the risk. There are no specific Sigma or YARA rules available for this vulnerability at this time.
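To confirm the upgrade described above across devices, the installed version can be compared numerically against 3.7.69.15. This is an added example, not code from Samsung or from this page: it assumes the version is read from `adb shell dumpsys package` output, and the sample output, the package name in it and the `PKG` variable are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag Smart Switch installs older than the fixed release.
FIXED_VERSION="3.7.69.15"   # fixed version stated in the advisory

# Constructed sample of `adb shell dumpsys package <package>` output.
sample_dumpsys() {
    cat <<'EOF'
Packages:
  Package [com.example.placeholder] (constructed):
    versionCode=1 minSdk=26 targetSdk=34
    versionName=3.7.69.9
EOF
}

# Read dumpsys output on stdin and print the first versionName value.
extract_version_name() {
    sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Return 0 if dotted version $1 is numerically lower than $2.
# Components are compared as integers, so 3.7.69.9 < 3.7.69.15
# (a plain string comparison would order these the wrong way round).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}          # missing components count as 0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1                          # equal versions are not "lower"
}

# Read dumpsys output on stdin; print a verdict and return 0 only if patched.
check_dumpsys() {
    v=$(extract_version_name)
    if [ -z "$v" ]; then echo "unknown"; return 2; fi
    if version_lt "$v" "$FIXED_VERSION"; then echo "vulnerable $v"; return 1; fi
    echo "patched $v"
}

# Demo on the constructed sample; on a real device, pipe in
# `adb shell dumpsys package "$PKG"` with PKG set to the installed package.
sample_dumpsys | check_dumpsys || true
```

The exit status of `check_dumpsys` (0 patched, 1 vulnerable, 2 unknown) lets a fleet script count unpatched devices without parsing the printed verdict.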
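Update the Smart Switch application to version 3.7.69.15 or later. This update fixes an improper authentication vulnerability that allows an adjacent attacker to perform a denial-of-service attack.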
CVE-2026-21004 is a Denial of Service vulnerability in Samsung Smart Switch versions prior to 3.7.69.15, allowing a nearby attacker to disrupt the application's functionality.
You are affected if you are using a Samsung Smart Switch version earlier than 3.7.69.15. Check your app version and upgrade if necessary.
Upgrade to Samsung Smart Switch version 3.7.69.15 or later through the Google Play Store or Samsung Galaxy Store.
Currently, there are no confirmed reports of active exploitation of CVE-2026-21004, but it's recommended to apply the patch proactively.
Refer to the official Samsung Security Bulletin for details: https://security.samsung.com/