CVE-2026-24920

6.2 MEDIUM

📋 TL;DR

A permission control vulnerability in the AMS module could allow attackers to disrupt system availability. This affects Huawei devices running vulnerable versions of the AMS module. Users of affected Huawei products should apply patches immediately.

💻 Affected Systems

Products:
  • Huawei devices with AMS module
Versions: Specific versions not detailed in provided references
Operating Systems: Huawei HarmonyOS, Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Exact product list and versions would be detailed in Huawei's official bulletins

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system unavailability or denial of service affecting critical functions

🟠 Likely Case

Service disruption or performance degradation in affected AMS module components

🟢 If Mitigated

Minimal impact with proper access controls and network segmentation in place

🌐 Internet-Facing: MEDIUM - Could be exploited if AMS module is exposed to untrusted networks
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit the vulnerability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

CWE-264 suggests permission/privilege issues, typically requiring some access level

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletins for specific fixed versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2026/2/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletin for affected products.
2. Apply security updates via official channels.
3. Reboot device after update installation.

🔧 Temporary Workarounds

Restrict AMS module access

all

Limit network access to AMS module services

Implement strict permission controls

all

Apply principle of least privilege to AMS-related processes

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks
  • Implement additional monitoring for AMS module activity

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Huawei security bulletins

Check Version:

Device-specific (Settings > About > Build Number on Huawei devices)

Verify Fix Applied:

Verify installed security patch level matches or exceeds recommended version

📡 Detection & Monitoring

Log Indicators:

  • Unusual AMS module permission changes
  • AMS service crashes or restarts

Network Indicators:

  • Unexpected connections to AMS service ports

SIEM Query:

Search for AMS module permission errors or service disruption events
