CVE-2024-47151 – This CVE describes a file writing vulnerability... (How to Fix)

Q: What is the severity of CVE-2024-47151?

CVE-2024-47151 has a CVSS score of 6.3 (MEDIUM). This CVE describes a file writing vulnerability in certain Honor products that could allow attackers to write arbitrary files to the system. If exploited, this could lead to remote code execution. The vulnerability affects specific Honor device models running vulnerable software versions.

📋 TL;DR

This CVE describes a file writing vulnerability in certain Honor products that could allow attackers to write arbitrary files to the system. If exploited, this could lead to remote code execution. The vulnerability affects specific Honor device models running vulnerable software versions.

💻 Affected Systems

Products:

Specific Honor smartphone models (exact models not specified in public advisory)

Versions: Specific software versions prior to the patch (exact versions not specified in public advisory)

Operating Systems: Android-based Honor MagicOS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the file handling mechanism of affected Honor devices. Exact product list and version ranges are typically detailed in vendor security bulletins.

📦 What is this software?

Magicos by Honor

View all CVEs affecting Magicos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains full system control through arbitrary code execution, potentially compromising the entire device and any data stored on it.

🟠

Likely Case

Local attacker with some system access escalates privileges or modifies system files to gain persistent access or disrupt device functionality.

🟢

If Mitigated

With proper access controls and file permission restrictions, exploitation would be limited to specific directories with minimal impact.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation likely requires some level of system access or user interaction. The CWE-434 classification suggests unrestricted file upload or improper file handling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific security patch version (check vendor advisory for exact version)

Vendor Advisory: https://www.honor.com/global/security/cve-2024-47151/

Restart Required: Yes

Instructions:

1. Check for system updates in device settings. 2. Install the latest security patch from Honor. 3. Reboot device after installation. 4. Verify patch installation in About Phone > Build Number.

🔧 Temporary Workarounds

Restrict file system access

android

Limit which applications have write access to sensitive directories

Disable unnecessary services

android

Turn off any file sharing or transfer services not in use

🧯 If You Can't Patch

Isolate affected devices from critical networks and sensitive data
Implement strict application whitelisting and monitor for suspicious file operations

🔍 How to Verify

Check if Vulnerable:

Check device software version in Settings > About Phone and compare against vendor's patched version list

Check Version:

No command-line access typically available on consumer Honor devices

Verify Fix Applied:

Verify the security patch level in Settings > About Phone shows the patched version or later

📡 Detection & Monitoring

Log Indicators:

Unexpected file write operations to system directories
File permission changes in sensitive locations

Network Indicators:

Unusual file transfer activity from device
Suspicious connections to file sharing services

SIEM Query:

Not applicable for typical consumer device deployments

📊 Metadata

CVE ID: CVE-2024-47151

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE: CWE-434

Published: December 26, 2024

Last Updated: June 5, 2025

🔗 References

https://www.honor.com/global/security/cve-2024-47151/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47151, you might also want to check these: