CVE-2024-42035

8.4 HIGH

📋 TL;DR

A permission control vulnerability in Huawei's App Multiplier module allows unauthorized access to sensitive functionality. This affects Huawei devices running vulnerable versions of the App Multiplier software, potentially exposing user data and system functions.

💻 Affected Systems

Products:
  • Huawei devices with App Multiplier module
Versions: Specific versions not detailed in reference; check Huawei advisory for exact ranges.
Operating Systems: HarmonyOS, Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices where App Multiplier is enabled; exact configurations require checking Huawei's bulletin.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing unauthorized access to all app data and functionality controlled by the App Multiplier module.

🟠 Likely Case

Unauthorized access to specific app data and functionality, potentially exposing sensitive user information.

🟢 If Mitigated

Limited impact with proper access controls and isolation in place, restricting the vulnerability's scope.

🌐 Internet-Facing: MEDIUM - Requires app interaction but could be exploited through malicious apps or network vectors.
🏢 Internal Only: HIGH - Direct access to vulnerable devices could lead to significant data exposure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some level of app interaction or device access; no public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions.

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/8/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletin for affected devices.
2. Apply the latest security update via device settings.
3. Restart the device after update.

🔧 Temporary Workarounds

Disable App Multiplier

Temporarily disable the App Multiplier feature to mitigate the vulnerability.

Navigate to Settings > Apps > App Multiplier > Disable

Restrict App Installations

Only install apps from trusted sources to reduce attack surface.

Navigate to Settings > Security > Install unknown apps > Disable for all apps

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data.
  • Implement strict app whitelisting and monitor for unusual app behavior.

🔍 How to Verify

Check if Vulnerable:

Check device settings for App Multiplier version and compare with Huawei's security bulletin.

Check Version:

Settings > Apps > App Multiplier > App info > Version

Verify Fix Applied:

Verify that the security patch level shown in Settings > About phone > Build number matches the patched version.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to App Multiplier APIs
  • Unexpected permission requests from apps

Network Indicators:

  • Unusual network traffic from App Multiplier processes

SIEM Query:

Search for events related to App Multiplier permission changes or access violations.
