Login Sign Up

CVE-2023-52360

7.5 HIGH

📋 TL;DR

This CVE describes logic vulnerabilities in the baseband processor of affected Huawei/HarmonyOS devices. Successful exploitation could allow attackers to compromise service integrity, potentially disrupting cellular connectivity or enabling unauthorized access to baseband functions. The vulnerability affects Huawei smartphones and devices running HarmonyOS with specific baseband firmware.

💻 Affected Systems

Products:
  • Huawei smartphones
  • HarmonyOS devices
Versions: Specific HarmonyOS versions with vulnerable baseband firmware (exact versions not specified in provided references)
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires baseband access; exact device models not specified in provided references.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete loss of cellular service, unauthorized baseband access enabling call interception or location tracking, or device instability requiring factory reset.

🟠

Likely Case

Temporary service disruption, dropped calls, or degraded network performance until device restart or patch application.

🟢

If Mitigated

Minimal impact with proper network segmentation and updated firmware preventing exploitation attempts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Baseband exploitation typically requires specialized knowledge and proximity/network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS security updates from February 2024 onward

Vendor Advisory: https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings. 2. Install available HarmonyOS security updates. 3. Restart device after installation.

🔧 Temporary Workarounds

Disable vulnerable cellular bands

all

Temporarily disable cellular connectivity or specific bands if device allows

🧯 If You Can't Patch

  • Isolate affected devices from critical networks
  • Monitor for unusual baseband activity or service disruptions

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version in Settings > About phone > HarmonyOS version

Check Version:

Settings > About phone > HarmonyOS version

Verify Fix Applied:

Verify HarmonyOS version is updated to February 2024 security patch or later

📡 Detection & Monitoring

Log Indicators:

  • Unexpected baseband resets
  • Cellular service disruptions
  • Modem crash logs

Network Indicators:

  • Abnormal baseband signaling
  • Unexpected cellular protocol anomalies

SIEM Query:

Not applicable - baseband level detection requires specialized monitoring

📊 Metadata

CVE ID: CVE-2023-52360
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE: CWE-511
Published: February 18, 2024
Last Updated: March 17, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON