CVE-2022-31757

7.5 HIGH

📋 TL;DR

This vulnerability in Huawei/HarmonyOS setting modules involves improper API usage that could allow unauthorized access to sensitive data. It affects Huawei smartphones and devices running HarmonyOS. Successful exploitation could compromise data confidentiality.

💻 Affected Systems

Products:
  • Huawei smartphones
  • HarmonyOS devices
Versions: HarmonyOS versions prior to security patches released in June 2022
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei devices running vulnerable HarmonyOS versions. Specific device models not detailed in provided references.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive user data including personal information, settings, and potentially authentication tokens stored by the settings module.

🟠 Likely Case

Local attackers or malicious apps could access restricted settings data they shouldn't have permission to view.

🟢 If Mitigated

With proper app sandboxing and permission controls, impact would be limited to data accessible within the app's normal permissions.

🌐 Internet-Facing: LOW - This appears to be a local vulnerability requiring access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or local attackers could exploit this to access sensitive device settings data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious app installation. No public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2022 security update for HarmonyOS

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2022/6/

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings > System & updates > Software update.
2. Install June 2022 security update.
3. Restart device after installation completes.

🔧 Temporary Workarounds

Restrict app permissions

Review and limit app permissions, especially for settings access

Avoid untrusted apps

Only install apps from official Huawei AppGallery

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks
  • Implement mobile device management with strict app whitelisting

🔍 How to Verify

Check if Vulnerable:

Check the HarmonyOS version in Settings > About phone > HarmonyOS version. If it predates the June 2022 security update, the device is likely vulnerable.

Check Version:

Settings > About phone > HarmonyOS version

Verify Fix Applied:

Verify HarmonyOS version shows June 2022 security update installed in Settings > About phone > HarmonyOS version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual settings access patterns
  • Failed permission requests for settings APIs

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable - local device vulnerability without network indicators
