CVE-2023-52100

7.5 HIGH

📋 TL;DR

CVE-2023-52100 is an access control vulnerability in the Celia Keyboard module on Huawei devices running HarmonyOS. Successful exploitation could allow attackers to disrupt keyboard functionality, affecting device availability. This primarily affects Huawei smartphone and tablet users with vulnerable HarmonyOS versions.

💻 Affected Systems

Products:
  • Huawei smartphones
  • Huawei tablets
Versions: HarmonyOS versions prior to security updates released in January 2024
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Celia Keyboard module; exact device models not specified in references but likely multiple Huawei models.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete keyboard functionality disruption preventing user input, potentially requiring device restart or factory reset to restore functionality.

🟠 Likely Case

Temporary keyboard unresponsiveness or crashes requiring app restarts, causing user inconvenience and productivity loss.

🟢 If Mitigated

Minimal impact with proper patching; keyboard functions normally with standard security controls.

🌐 Internet-Facing: LOW - Requires local device access or malicious app installation, not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Malicious apps or compromised devices within organization could exploit this to disrupt user productivity.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires malicious app installation or local device access; no public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS security updates from January 2024

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/1/

Restart Required: Yes

Instructions:

1. Go to Settings > System & updates > Software update.
2. Check for updates.
3. Install available security updates from January 2024 or later.
4. Restart device when prompted.

🔧 Temporary Workarounds

Disable Celia Keyboard

Temporarily disable the vulnerable keyboard module and use an alternative keyboard:

Settings > System & updates > Language & input > Virtual keyboard > Manage keyboards > Toggle off Celia Keyboard

🧯 If You Can't Patch

  • Restrict app installations to official Huawei AppGallery only
  • Implement mobile device management (MDM) to control app permissions and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the HarmonyOS version in Settings > About phone > HarmonyOS version. If the version predates the January 2024 security updates, the device is vulnerable.

Check Version:

Settings > About phone > HarmonyOS version

Verify Fix Applied:

Verify that the HarmonyOS version details in Settings > About phone > HarmonyOS version include the January 2024 security updates.

📡 Detection & Monitoring

Log Indicators:

  • Celia Keyboard crash logs
  • Keyboard service termination events
  • Permission escalation attempts

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Device logs showing 'Celia Keyboard' process crashes or permission errors
