CVE-2024-54103

6.1 MEDIUM

📋 TL;DR

This vulnerability allows unauthorized access to album content due to improper access control in Huawei devices. It affects users of specific Huawei smartphone models running vulnerable software versions, potentially exposing private photos and media.

💻 Affected Systems

Products:
  • Huawei smartphones with album functionality
Versions: Specific versions mentioned in Huawei security bulletin (check advisory for exact versions)
Operating Systems: HarmonyOS, Android-based Huawei EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default album applications on Huawei devices. Exact models and versions should be verified against the Huawei security bulletin.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker could access all album content including private photos and sensitive media files stored on the device.

🟠 Likely Case: Unauthorized access to album content through application vulnerabilities or malicious apps.

🟢 If Mitigated: Proper access controls prevent unauthorized album access, maintaining normal functionality for legitimate users.

🌐 Internet-Facing: LOW - This appears to be a local device vulnerability requiring physical or app-based access.
🏢 Internal Only: MEDIUM - Malicious apps or compromised applications could exploit this vulnerability on affected devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires malicious application installation or compromised legitimate applications with appropriate permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/12/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletin for affected models and versions.
2. Update device software through Settings > System & updates > Software update.
3. Restart device after update completes.

🔧 Temporary Workarounds

Restrict app permissions: Review and restrict album/storage permissions for all applications.

Use secure folder: Move sensitive photos to a secure folder with additional authentication.

🧯 If You Can't Patch

  • Disable or restrict album app permissions for untrusted applications
  • Use third-party secure gallery applications with better access controls
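
One way to carry out the permission review from the workarounds on an Android-based (EMUI) device, added here as an example and not taken from the Huawei advisory. It assumes `adb` with USB debugging enabled; the function name `media_perm_audit`, the choice of three standard Android media/storage read permissions, and the sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list apps that hold a granted photo/video read permission.
# Input : text of `dumpsys package` on stdin.
# Output: one "<package><TAB><permission>" line per granted permission.
media_perm_audit() {
    awk '
        # Track the package block we are currently inside.
        match($0, /Package \[[^]]+\]/) {
            pkg = substr($0, RSTART + 9, RLENGTH - 10)
            next
        }
        # Report only permissions that are actually granted, once per package.
        pkg != "" && /android\.permission\.(READ_EXTERNAL_STORAGE|READ_MEDIA_IMAGES|READ_MEDIA_VIDEO): granted=true/ {
            perm = $1
            sub(/:$/, "", perm)
            sub(/^android\.permission\./, "", perm)
            key = pkg "\t" perm
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# Constructed sample in the layout printed by `dumpsys package` (not real device data).
SAMPLE_DUMP='Packages:
  Package [com.example.photoeditor] (1a2b3c):
    userId=10210
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
        android.permission.CAMERA: granted=false, flags=[ USER_SET ]
  Package [com.example.flashlight] (4d5e6f):
    userId=10211
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ ]
        android.permission.READ_MEDIA_VIDEO: granted=false, flags=[ USER_FIXED ]
  Package [com.example.notes] (7a8b9c):
    userId=10212
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true, flags=[ ]'

printf '%s\n' "$SAMPLE_DUMP" | media_perm_audit
# On a connected device: adb shell dumpsys package | media_perm_audit
# To revoke a grant:     adb shell pm revoke <package> android.permission.READ_MEDIA_IMAGES
```

Any package in the output that has no reason to read photos or videos is a candidate for having the permission revoked in Settings or with `pm revoke`.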

🔍 How to Verify

Check if Vulnerable:

Check device model and software version against Huawei security bulletin

Check Version:

Settings > About phone > Software information

Verify Fix Applied:

Verify software version is updated beyond vulnerable versions listed in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to gallery/album APIs
  • Permission escalation attempts

Network Indicators:

  • Unusual data exfiltration patterns from gallery apps

SIEM Query:

(app:"gallery" OR app:"album") AND (event:"permission_denied" OR event:"unauthorized_access")
