CVE-2022-48350

7.5 HIGH

📋 TL;DR

The HUAWEI Messaging app has a vulnerability allowing unauthorized file access, potentially exposing sensitive user data. This affects users of HUAWEI devices running vulnerable versions of the Messaging app. Attackers could exploit this to read files without proper permissions.

💻 Affected Systems

Products:
  • HUAWEI Messaging app
Versions: HarmonyOS versions before 3.0.0.205
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects HUAWEI devices running vulnerable versions of HarmonyOS with the Messaging app installed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of user confidentiality with exposure of sensitive files including personal messages, attachments, and potentially other app data stored on the device.

🟠 Likely Case

Unauthorized access to message content, attachments, and other files accessible to the Messaging app, leading to privacy violations.

🟢 If Mitigated

Limited impact with proper app sandboxing and file permission controls in place, though some data exposure may still occur.

🌐 Internet-Facing: LOW - This is a local app vulnerability requiring app installation/access, not directly internet-exposed.
🏢 Internal Only: MEDIUM - Requires malicious app installation or physical access to device, but could be exploited through social engineering or other apps.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires app-level access or malicious app installation; no public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS 3.0.0.205 and later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2023/3/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update.
2. Install HarmonyOS 3.0.0.205 or later.
3. Restart device after update completes.

🔧 Temporary Workarounds

  • Disable or restrict Messaging app: temporarily disable or restrict permissions for the Messaging app to reduce attack surface.
  • Use alternative messaging app: switch to a different messaging application until the patch is applied.

🧯 If You Can't Patch

  • Implement strict app installation controls to prevent malicious apps
  • Enable device encryption and use secure file storage practices

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version in Settings > About phone > HarmonyOS version. If below 3.0.0.205, device is vulnerable.

Check Version:

Settings navigation only - no command line available for consumer devices

Verify Fix Applied:

Verify HarmonyOS version is 3.0.0.205 or higher in Settings > About phone > HarmonyOS version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns by Messaging app
  • Permission violation alerts in system logs

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for consumer mobile devices
