Florian Draschbacher

**Name of the Vulnerable Software and Affected Versions** Smart Switch versions prior to 3.7.67.2 **Description** A flaw exists in Smart Switch that allows local attackers to access backup data from applications due to the cleartext storage of sensitive information. User interaction is required to trigger this issue. **Recommendations** Update Smart Switch to version 3.7.67.2 or later.

**Name of the Vulnerable Software and Affected Versions** Smart Switch versions prior to 3.7.67.2 **Description** The software stores sensitive information in cleartext, potentially allowing local attackers to access this data. User interaction is required to trigger this issue. The vulnerability affects devices where an attacker has local access. **Recommendations** Update Smart Switch to version 3.7.67.2 or later.

**Name of the Vulnerable Software and Affected Versions** Smart Switch versions prior to 3.7.67.2 **Description** The software utilizes a broken or risky cryptographic algorithm. This allows a local attacker to replace the restoring application, but requires user interaction to trigger the issue. **Recommendations** Update to version 3.7.67.2 or later.

**Name of the Vulnerable Software and Affected Versions** Samsung Smart Switch versions prior to 3.7.66.6 **Description** A flaw exists in the authentication process of Smart Switch that could allow nearby attackers to gain access to data during transfers. This authentication bypass enables unauthorized access to transferring data. **Recommendations** Update Smart Switch to version 3.7.66.6 or later.

**Name of the Vulnerable Software and Affected Versions** MTP application versions prior to SMR Jul-2024 Release 1 **Description** Improper authentication in the MTP application allows local attackers to enter MTP mode without proper authentication. **Recommendations** Update the MTP application to SMR Jul-2024 Release 1 or later.