Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
AnalysisAI
Honor E App discloses sensitive information to unauthorized users via network-accessible endpoints, requiring user interaction but affecting service confidentiality across all product versions. The vulnerability carries a moderate CVSS score of 6.3 (AV:N/AC:L/PR:N/UI:R) indicating remote exploitation without authentication, though successful attack requires user interaction. Patch availability and exploitation status remain unconfirmed from available sources.
Technical ContextAI
Honor E App (CPE: cpe:2.3:a:honor:honor_e:*:*:*:*:*:*:*:*) is affected by an information disclosure vulnerability accessible over the network. The root cause is classified under generic information disclosure risk rather than a specific CWE mapping. The vulnerability is exploitable without privilege escalation (PR:N) but requires user interaction (UI:R), suggesting the attack vector involves social engineering or user-initiated actions that expose the data leak pathway. The network-accessible nature (AV:N) indicates the flaw exists in web services, APIs, or networked components of the Honor E platform rather than local system mechanisms.
RemediationAI
Honor customers should immediately check the official security advisory at https://www.honor.com/global/security/CVE-2026-31370/ for patch availability and version-specific remediation steps. If a patched version is released, upgrade Honor E App to the patched build following Honor's deployment recommendations. As a compensating control pending patch deployment, restrict network access to Honor E App endpoints using firewall rules or network segmentation to only trusted internal networks or known user device ranges - this reduces the attack surface but may impact legitimate users on untrusted networks (e.g., public Wi-Fi) who will require VPN access or alternative connectivity. Educate users to avoid clicking untrusted links or sharing session identifiers, as user interaction is required to trigger the leak. Monitor access logs for suspicious data retrieval patterns or unusual API calls to the affected endpoints.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24067
GHSA-mj74-pwgm-79gv