CVE-2023-52362

7.5 HIGH

📋 TL;DR

A permission management vulnerability in the lock screen module of Huawei HarmonyOS devices allows an attacker with physical access to bypass lock screen protections. Successful exploitation could lead to unauthorized access to the device, affecting availability. It affects Huawei smartphones and tablets running vulnerable HarmonyOS versions.

💻 Affected Systems

Products:
  • Huawei smartphones
  • Huawei tablets
Versions: HarmonyOS versions prior to security patch February 2024
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with lock screen enabled. Exact device models not specified in references.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete lock screen bypass allowing full device access, data theft, and potential installation of malware.

🟠 Likely Case: Unauthorized access to device functions and applications behind the lock screen.

🟢 If Mitigated: Limited impact if the device has additional security layers such as biometric authentication or remote wipe capability.

🌐 Internet-Facing: LOW - Requires physical or local access to device.
🏢 Internal Only: MEDIUM - Physical device theft or unauthorized access in organizational settings could lead to data compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires physical access to device. No public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security patch level February 2024 or later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/2/

Restart Required: Yes

Instructions:

1. Check for system updates in the device Settings.
2. Install the February 2024 security patch or later.
3. Reboot the device after installation.

🔧 Temporary Workarounds

Enable additional authentication (all)
  • Use biometric authentication (fingerprint/face) in addition to the lock screen

Remote wipe capability (all)
  • Enable remote wipe through device management to mitigate the data theft risk

🧯 If You Can't Patch

  • Restrict physical access to devices through physical security controls
  • Implement mobile device management (MDM) with remote lock/wipe capabilities

🔍 How to Verify

Check if Vulnerable:

Check security patch level in Settings > About phone > Build number

Check Version:

Not applicable - check through device settings UI

Verify Fix Applied:

Verify security patch level shows February 2024 or later

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed unlock attempts followed by successful access
  • Unusual device access patterns
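As an added defensive example (not part of this advisory and not Huawei code), the following Python turns the first log indicator above into a concrete check: it scans unlock audit events per device and flags a successful unlock that was preceded by several failed attempts within a short window. The key=value log format, the field names, the sample events and the thresholds are all constructed assumptions; replace the parser with one for your MDM or device audit export.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of unlock audit events in a hypothetical key=value format.
# This is NOT a real HarmonyOS or MDM log format; it only illustrates the check.
SAMPLE_LOG = """\
2024-02-10T08:00:01Z device=HW-TAB-01 event=unlock_failed method=pin
2024-02-10T08:00:05Z device=HW-TAB-01 event=unlock_failed method=pin
2024-02-10T08:00:09Z device=HW-TAB-01 event=unlock_failed method=pin
2024-02-10T08:00:12Z device=HW-TAB-01 event=unlock_failed method=pin
2024-02-10T08:00:20Z device=HW-TAB-01 event=unlock_success method=pin
2024-02-10T09:15:00Z device=HW-PHONE-07 event=unlock_failed method=pin
2024-02-10T09:20:00Z device=HW-PHONE-07 event=unlock_success method=fingerprint
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<rest>.*)$")


def parse_events(text):
    """Turn raw key=value log lines into dicts with a parsed UTC timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ev = dict(tok.split("=", 1) for tok in m.group("rest").split() if "=" in tok)
        ev["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def find_suspicious_unlocks(events, min_failures=3, window=timedelta(minutes=5)):
    """Flag each successful unlock preceded by >= min_failures failures
    on the same device within `window`. Thresholds are assumptions; tune
    them to your environment's normal mistyped-PIN rate."""
    recent_failures = defaultdict(deque)  # device -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        dev = ev.get("device", "?")
        q = recent_failures[dev]
        # Drop failures that have aged out of the observation window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev.get("event") == "unlock_failed":
            q.append(ev["ts"])
        elif ev.get("event") == "unlock_success":
            if len(q) >= min_failures:
                alerts.append({
                    "device": dev,
                    "failures": len(q),
                    "success_ts": ev["ts"],
                    "method": ev.get("method"),
                })
            q.clear()  # a success ends the current failure streak either way
    return alerts


if __name__ == "__main__":
    for a in find_suspicious_unlocks(parse_events(SAMPLE_LOG)):
        print(f"{a['device']}: {a['failures']} failed attempts before unlock "
              f"at {a['success_ts']:%Y-%m-%dT%H:%M:%S}Z via {a['method']}")
```

On the constructed sample only HW-TAB-01 is flagged (four failures, then a PIN success inside the window); the single mistyped PIN on HW-PHONE-07 stays below the threshold. Such an alert is a trigger for physical-security follow-up and a remote lock or wipe through MDM, not proof of exploitation on its own.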

Network Indicators:

  • None - local vulnerability

SIEM Query:

Not applicable - primarily physical security monitoring required
