CVE-2023-52372

7.5 HIGH

📋 TL;DR

This CVE describes an input validation vulnerability in the motor module of Huawei/HarmonyOS devices. Attackers can exploit this flaw to cause denial-of-service conditions, potentially disrupting device functionality. The vulnerability affects Huawei consumer devices running vulnerable versions of HarmonyOS.

💻 Affected Systems

Products:
  • Huawei smartphones
  • Huawei tablets
  • HarmonyOS devices
Versions: Specific HarmonyOS versions as detailed in Huawei security bulletins
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with motor modules (vibration, camera mechanisms, etc.) running vulnerable HarmonyOS versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device unavailability or system crash requiring physical intervention to restore functionality.

🟠 Likely Case

Temporary service disruption affecting specific motor-related functions until system restart.

🟢 If Mitigated

Minimal impact with proper input validation and system hardening in place.

🌐 Internet-Facing: MEDIUM - Requires specific conditions and targeting but could affect exposed services.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or through lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires specific input to trigger the vulnerability; no public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Huawei security bulletins for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/2/

Restart Required: Yes

Instructions:

1. Check for system updates in device settings.
2. Install available security updates.
3. Restart device after installation completes.

🔧 Temporary Workarounds

Disable unnecessary motor functions

all

Temporarily disable non-essential motor-related features through device settings

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable devices
  • Monitor for abnormal system behavior and motor module activity

🔍 How to Verify

Check if Vulnerable:

Check device HarmonyOS version in Settings > About phone > HarmonyOS version

Check Version:

Not applicable - check through device settings interface

Verify Fix Applied:

Verify installed security patch level in Settings > Security > Security update

📡 Detection & Monitoring

Log Indicators:

  • Abnormal motor module activity
  • System crash logs
  • Unexpected input validation failures

Network Indicators:

  • Unusual device communication patterns
  • Anomalous system service requests

SIEM Query:

device.os:"HarmonyOS" AND (event.category:"system_crash" OR event.type:"input_validation_failure")
