Description
Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-03-05
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability impact
Action: Apply patch
AI Analysis

Impact

A permission control flaw exists in the cellular_data module of Huawei HarmonyOS. The vulnerability allows a malicious actor to manipulate cellular data access permissions, potentially causing a denial of service on the device’s connectivity. The weakness is a classic example of insufficient authorization checks, as identified by CWE‑264.

Affected Systems

The flaw affects Huawei HarmonyOS operating systems, specifically versions 5.1.0 and 6.0.0. It is documented for all product lines that ship with these OS releases, including phones, laptops, smart TVs, and wearables.

Risk and Exploitability

The CVSS score of 4.0 represents moderate severity, while the EPSS score of less than 1% indicates a very low probability of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or device‑based: an attacker with the ability to install or modify applications with elevated privileges can exploit the permission control flaw to disrupt cellular connectivity. Due to the potential impact on availability, the risk to affected users warrants timely remediation.

Generated by OpenCVE AI on April 16, 2026 at 12:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest HarmonyOS firmware update that addresses the cellular_data permission control flaw from Huawei’s official support site.
  • Review and remove or restrict cellular_data permissions granted to non‑essential or third‑party applications through the device’s settings menu.
  • Configure device logging and alerts to detect abnormal or unauthorized changes to cellular connectivity settings, and review logs regularly for signs of exploitation.

Generated by OpenCVE AI on April 16, 2026 at 12:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Title Permission control flaw in HarmonyOS cellular_data module may affect device connectivity

Thu, 05 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*
Vendors & Products Huawei
Huawei harmonyos

Thu, 05 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
Description Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-264
References
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T15:40:44.998Z

Reserved: 2026-02-28T03:58:12.087Z

Link: CVE-2026-28541

cve-icon Vulnrichment

Updated: 2026-03-05T15:28:56.308Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-05T08:15:58.993

Modified: 2026-03-05T21:39:23.040

Link: CVE-2026-28541

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T12:30:06Z

Weaknesses