CVE-2024-47154 – This CVE describes an information leak vulnerab... (How to Fix)

Q: What is the severity of CVE-2024-47154?

CVE-2024-47154 has a CVSS score of 5.5 (MEDIUM). This CVE describes an information leak vulnerability affecting certain Honor products. Successful exploitation could allow unauthorized access to sensitive information stored on the device. The vulnerability affects users of specific Honor products with vulnerable software versions.

📋 TL;DR

This CVE describes an information leak vulnerability affecting certain Honor products. Successful exploitation could allow unauthorized access to sensitive information stored on the device. The vulnerability affects users of specific Honor products with vulnerable software versions.

💻 Affected Systems

Products:

Specific Honor products not listed in available reference

Versions: Not specified in available reference

Operating Systems: Android-based Honor OS

Default Config Vulnerable: ⚠️ Yes

Notes: The vendor advisory does not specify exact affected products or versions. Users should check the Honor security advisory for specific details.

📦 What is this software?

Magicos by Honor

View all CVEs affecting Magicos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive user data including personal information, authentication tokens, or device identifiers could be exposed to attackers.

🟠

Likely Case

Limited information disclosure of non-critical system data or metadata.

🟢

If Mitigated

Minimal impact with proper access controls and network segmentation in place.

🌐 Internet-Facing: LOW - This appears to be a local information leak vulnerability requiring some level of access to the device.

🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with some access to the device.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

CWE-203 suggests information exposure through discrepancy, typically requiring some level of access or specific conditions to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available reference

Vendor Advisory: https://www.honor.com/global/security/cve-2024-47154/

Restart Required: Yes

Instructions:

1. Visit the Honor security advisory page
2. Check if your specific device model is affected
3. Apply the latest security update from Honor
4. Restart the device after update

🔧 Temporary Workarounds

Limit app permissions

all

Restrict unnecessary app permissions that could exploit information leaks

Disable developer options

all

Turn off developer options and USB debugging when not needed

🧯 If You Can't Patch

Isolate affected devices from sensitive networks
Implement strict access controls and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check device model and software version against Honor's security advisory

Check Version:

Settings > About Phone > Software Information (exact path may vary by device)

Verify Fix Applied:

Verify the software version matches or exceeds the patched version specified by Honor

📡 Detection & Monitoring

Log Indicators:

Unusual access patterns to system files or APIs
Multiple failed attempts to access protected resources

Network Indicators:

Unusual outbound data transfers from mobile devices
Suspicious API calls to system services

SIEM Query:

Not applicable - local device vulnerability

📊 Metadata

CVE ID: CVE-2024-47154

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-203

Published: December 26, 2024

Last Updated: June 5, 2025

🔗 References

https://www.honor.com/global/security/cve-2024-47154/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47154, you might also want to check these: