CVE-2024-58046

6.2 MEDIUM

📋 TL;DR

A permission management vulnerability in the lock screen module of Huawei devices may let an attacker reach services and data that the lock screen is supposed to protect. It affects Huawei smartphone and tablet users who have not applied the March 2025 security update. The bulletin does not describe the mechanism; the realistic scenario is an attacker with hands-on access to a locked device.

💻 Affected Systems

Products:
  • Huawei smartphones
  • Huawei tablets
Versions: Not itemized in the bulletin; builds without the March 2025 security update are affected
Operating Systems: HarmonyOS, EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability affects lock screen module specifically; exact device models not specified in provided reference

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete bypass of lock screen security allowing full access to device data and services without authentication.

🟠

Likely Case

Limited unauthorized access to specific services or data that should be protected by lock screen.

🟢

If Mitigated

Minimal impact with proper device management and security updates applied.

🌐 Internet-Facing: LOW - This is a local device vulnerability; nothing in the bulletin suggests it is reachable over the network.
🏢 Internal Only: MEDIUM - Could be exploited by someone with brief physical access to a locked device, for example one left unattended in a corporate environment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires physical access to device or local access; no public exploit details available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2025 security update

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/3/

Restart Required: Yes

Instructions:

1. Check for updates in Settings > System & updates > Software update.
2. Download and install the March 2025 security update.
3. Restart the device when prompted.

🔧 Temporary Workarounds

Enable enhanced lock screen security (applies to: all devices)

Use a PIN, password, or biometrics instead of a simple pattern or swipe. This raises the cost of an opportunistic attempt but does not change the flawed permission check in the lock screen module, so it is not a substitute for the update.

Enable remote wipe capability (applies to: all devices)

Configure device management (MDM/EMM) so a lost or stolen device can be wiped remotely, limiting how long an attacker has a locked device to work on.

🧯 If You Can't Patch

  • Implement strict physical security controls for devices
  • Enable device encryption and configure automatic lock with short timeout

🔍 How to Verify

Check if Vulnerable:

Check if device has March 2025 security update installed in Settings > About phone > Build number

Check Version:

Settings > About phone > Build number (the bulletin gives no CLI command)

Verify Fix Applied:

Verify March 2025 security update is installed and device has been restarted
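As an added fleet-level check (not from the Huawei bulletin, which only gives the Settings path): EMUI and HarmonyOS builds that are Android-based expose the standard `ro.build.version.security_patch` property, which can be read over adb when USB debugging is enabled. The script below, written for this page rather than taken from Huawei, compares each attached device's patch level against 2025-03-01, an assumed date string for the March 2025 update; HarmonyOS NEXT devices, which do not speak adb, are out of scope.

```shell
#!/bin/sh
# Added example, not from the Huawei bulletin or any Huawei tool. Reads the
# security patch level of USB-attached devices and flags any that predate the
# March 2025 update that carries the fix for CVE-2024-58046.
# Assumptions: adb is on PATH, USB debugging is enabled, and the device runs an
# Android-based EMUI/HarmonyOS build exposing ro.build.version.security_patch.
# HarmonyOS NEXT does not use adb and is not covered.

# Assumed patch-level date string for the March 2025 update; confirm against a
# known-patched device and adjust if it reports a different value.
REQUIRED_PATCH="2025-03-01"

# Print YYYY-MM-DD as an integer (2025-03-01 -> 20250301) so the shell can
# compare it numerically; return 1 and print nothing on malformed input.
patch_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) echo "$1" | sed 's/-//g' ;;
        *) return 1 ;;
    esac
}

# Exit 0 if the level is at or after REQUIRED_PATCH, 1 if it is older,
# 2 if it cannot be parsed (empty property, odd build): treat 2 as "inspect by hand".
patch_is_current() {
    have=$(patch_to_int "$1") || return 2
    need=$(patch_to_int "$REQUIRED_PATCH")
    [ "$have" -ge "$need" ]
}

# Query one device by serial and print a one-line verdict.
check_device() {
    serial="$1"
    # Strip CRs: some adb builds return shell output with CRLF line endings.
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r')
    model=$(adb -s "$serial" shell getprop ro.product.model 2>/dev/null | tr -d '\r')
    rc=0
    patch_is_current "$level" || rc=$?
    case $rc in
        0) echo "OK         $serial $model patch=$level" ;;
        1) echo "VULNERABLE $serial $model patch=$level (older than $REQUIRED_PATCH)" ;;
        *) echo "UNKNOWN    $serial $model patch='$level' (property missing; check Settings > About phone)" ;;
    esac
}

# Walk every device adb reports in the "device" state (skips unauthorized/offline).
scan_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        check_device "$serial"
    done
}

# Run the scan only when asked, so the functions can also be sourced and reused.
case "${1:-}" in
    --scan) scan_devices ;;
esac
```

Save it as, say, check_patch.sh and run `sh check_patch.sh --scan` with the devices plugged in. An UNKNOWN verdict means the property was empty or not a date, which happens on builds that do not follow the Android convention; fall back to the Settings path for those. The date string is compared as an integer rather than by string to avoid relying on non-POSIX `<`/`>` support in `test`.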

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed unlock attempts followed by successful access
  • Unusual lock screen bypass patterns

Network Indicators:

  • None - local vulnerability only

SIEM Query:

No concrete query is given; the practical sources are MDM/EMM compliance and unlock-event logs, if your platform collects them. Search those for a device reporting a patch level older than March 2025 together with failed-then-successful unlock sequences.

🔗 References
