CVE-2023-52369

9.1 CRITICAL

📋 TL;DR

A stack overflow vulnerability in the NFC module allows attackers to execute arbitrary code or cause denial of service. This affects Huawei devices running HarmonyOS with vulnerable NFC implementations. Successful exploitation could compromise device integrity and availability.

💻 Affected Systems

Products:
  • Huawei smartphones and tablets with NFC capabilities
Versions: HarmonyOS versions prior to security patches released in February 2024
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with NFC hardware and enabled NFC functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Service disruption through denial of service, potentially requiring device reboot or factory reset.

🟢 If Mitigated

Limited impact with proper network segmentation and NFC disabled on critical systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires proximity to target device (NFC range) and may require specific NFC interaction patterns.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS security updates from February 2024 onward

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/2/

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings.
2. Install latest security update.
3. Reboot device after installation completes.

🔧 Temporary Workarounds

Disable NFC functionality

all

Turn off NFC to prevent exploitation via this vector

Restrict physical access

all

Limit physical proximity of untrusted devices to prevent NFC interaction

🧯 If You Can't Patch

  • Disable NFC in device settings immediately
  • Implement physical security controls to prevent unauthorized NFC interactions

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version in Settings > About phone > HarmonyOS version. Compare against patched versions in Huawei security bulletins.

Check Version:

Not applicable - check via device Settings interface

Verify Fix Applied:

Verify HarmonyOS version is at or beyond February 2024 security patch level and NFC functions normally.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected NFC service crashes
  • Abnormal NFC stack traces in system logs
  • Multiple failed NFC authentication attempts

Network Indicators:

  • Not applicable - local exploitation only

SIEM Query:

Not applicable for typical mobile device management scenarios
