CVE-2023-46774

7.5 HIGH

📋 TL;DR

This vulnerability involves uncaught exceptions in the NFC module that can be exploited to affect NFC availability on Huawei devices running HarmonyOS. Successful exploitation could cause NFC functionality to become unavailable, impacting devices that rely on NFC for contactless payments, access control, or data transfer. The vulnerability affects Huawei smartphones and tablets with specific HarmonyOS versions.

💻 Affected Systems

Products:
  • Huawei smartphones
  • Huawei tablets
Versions: HarmonyOS versions prior to the November 2023 security patch
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with NFC hardware capability; devices without NFC hardware are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of NFC service on affected devices, preventing contactless payments, access control, and data transfer functionality until device restart or patch application.

🟠 Likely Case

Temporary disruption of NFC functionality requiring device restart to restore service.

🟢 If Mitigated

Minimal impact with proper patching; NFC functionality remains available with normal operation.

🌐 Internet-Facing: LOW - NFC is a short-range wireless technology not directly internet-facing, though internet connectivity could be involved in some NFC use cases.
🏢 Internal Only: MEDIUM - NFC is primarily used in physical proximity scenarios, but exploitation could disrupt business operations relying on NFC access control or payments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires physical proximity or malicious NFC interaction; no authentication required to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS security patch November 2023 or later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2023/11/

Restart Required: Yes

Instructions:

1. Navigate to Settings > System & updates > Software update.
2. Check for updates.
3. Install the November 2023 security patch or later.
4. Restart device after installation.

🔧 Temporary Workarounds

Disable NFC temporarily

Turn off NFC functionality to prevent exploitation until the patch can be applied:

Settings > More connections > NFC > Toggle OFF

🧯 If You Can't Patch

  • Disable NFC functionality in device settings
  • Restrict physical access to devices and monitor for NFC service disruptions

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version: Settings > About phone > HarmonyOS version. If the version is prior to the November 2023 security patch, the device is vulnerable.

Check Version:

Settings > About phone > HarmonyOS version

Verify Fix Applied:

Verify that the HarmonyOS version shows the November 2023 security patch or later, then test NFC functionality with a contactless payment or data transfer.

📡 Detection & Monitoring

Log Indicators:

  • NFC service crash logs
  • System logs showing NFC module exceptions
  • Application logs reporting NFC failures

Network Indicators:

  • Unusual NFC transaction patterns
  • Multiple NFC service restart attempts

SIEM Query:

source="device_logs" AND ("NFC" AND ("crash" OR "exception" OR "unavailable"))
