CVE-2023-1694

7.5 HIGH

📋 TL;DR

CVE-2023-1694 is a file privilege escalation vulnerability in the Settings module of Huawei HarmonyOS and EMUI systems. Successful exploitation could allow attackers to gain unauthorized access to sensitive files, potentially compromising confidentiality. This affects Huawei smartphones and tablets running vulnerable versions of HarmonyOS and EMUI.

💻 Affected Systems

Products:
  • Huawei smartphones
  • Huawei tablets
Versions: HarmonyOS versions before 3.1.0.205, EMUI versions before 13.0.0.205
Operating Systems: HarmonyOS, EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected versions are vulnerable by default. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive system files, user data, or configuration files, leading to complete device compromise and data exfiltration.

🟠 Likely Case

Local attackers with limited privileges could escalate to access protected files containing personal information or system configurations.

🟢 If Mitigated

With proper security updates applied, the vulnerability is eliminated with no residual risk.

🌐 Internet-Facing: LOW - This appears to be a local privilege escalation requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users with limited local access could exploit this to access sensitive files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the device. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS 3.1.0.205 or later, EMUI 13.0.0.205 or later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2023/4/

Restart Required: Yes

Instructions:

1. Go to Settings > System & updates > Software update.
2. Check for updates.
3. Download and install the latest security update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

  • Restrict app permissions (all): Limit which apps have access to system settings and file permissions.
  • Disable unnecessary system components (all): Disable or restrict access to the Settings module for untrusted apps.

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict app installation policies and only install from trusted sources

🔍 How to Verify

Check if Vulnerable:

Check device settings: Settings > About phone > HarmonyOS version or EMUI version. If the version is below 3.1.0.205 (HarmonyOS) or 13.0.0.205 (EMUI), the device is vulnerable.

Check Version:

Settings > About phone > HarmonyOS version or EMUI version

Verify Fix Applied:

After update, verify version is 3.1.0.205 or higher for HarmonyOS, or 13.0.0.205 or higher for EMUI.
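To apply the version check above across a fleet inventory, the added Python below (example code, not from the advisory or from Huawei) compares reported version strings numerically against the fixed versions, since a plain string comparison misorders "13.0.0.1000" against "13.0.0.205". The inventory rows are constructed samples, and the stripping of a parenthesised build suffix is an assumption about how some devices report their version.

```python
from typing import List, Tuple

# Fixed versions as stated in the advisory for CVE-2023-1694.
FIXED_VERSIONS = {
    "HarmonyOS": "3.1.0.205",
    "EMUI": "13.0.0.205",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '3.1.0.205' into a tuple of ints.

    Assumption: some devices append a build suffix in parentheses; anything
    from the first '(' onwards is dropped before parsing.
    """
    core = version.strip().split("(", 1)[0].strip()
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(os_name: str, version: str) -> bool:
    """True when the reported version is strictly below the fixed version."""
    if os_name not in FIXED_VERSIONS:
        raise ValueError(f"unknown OS {os_name!r}; expected one of {sorted(FIXED_VERSIONS)}")
    reported = parse_version(version)
    fixed = parse_version(FIXED_VERSIONS[os_name])
    # Pad the shorter tuple with zeros so '3.1' compares as '3.1.0.0'.
    width = max(len(reported), len(fixed))
    reported += (0,) * (width - len(reported))
    fixed += (0,) * (width - len(fixed))
    return reported < fixed


def triage_inventory(rows: List[Tuple[str, str, str]]) -> List[str]:
    """Return the device ids from (device_id, os_name, version) rows that still need the patch."""
    return [device for device, os_name, version in rows if is_vulnerable(os_name, version)]


# Constructed sample inventory; these are not real devices.
SAMPLE_INVENTORY = [
    ("tab-01", "HarmonyOS", "3.0.0.150"),
    ("phone-02", "HarmonyOS", "3.1.0.205(C00E205R2P1)"),
    ("phone-03", "EMUI", "13.0.0.201"),
    ("phone-04", "EMUI", "13.0.0.1000"),
]

if __name__ == "__main__":
    for device in triage_inventory(SAMPLE_INVENTORY):
        print(f"{device}: below fixed version, update required")
```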

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in system logs
  • Unauthorized attempts to access Settings module

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for mobile device logs without enterprise mobile management integration
