CVE-2023-40930

MEDIUM

Skyworth OS v3.0 - Path Traversal via Udisk Mount to /mnt/

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-40930. PoCs published by NSnidie.

AI-analyzed exploit summary The repository lacks actual exploit code and instead provides vague setup instructions for reproducing CVE-2023-40930, directing users to an external PDF for details and an email for further contact. No technical analysis or functional PoC is included.

Description

An issue in the directory /system/bin/blkid of Skyworth v3.0 allows attackers to perform a directory traversal via mounting the Udisk to /mnt/.

Exploits (1)

nomisec SUSPICIOUS 2 stars

by NSnidie · poc

https://github.com/NSnidie/CVE-2023-40930

View Code ZIP pw:eip

The repository lacks actual exploit code and instead provides vague setup instructions for reproducing CVE-2023-40930, directing users to an external PDF for details and an email for further contact. No technical analysis or functional PoC is included.

Classification

Suspicious 80%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: unknown (likely Linux/ARM-based systems)

No auth needed

Prerequisites: ARM64/ARM32 device · rooted Android or custom directory setup · external 'Bad Udisk'

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://gist.github.com/NSnidie/2af70d58426c4563b2f11171379fdd8c

Scores

CVSS v3 6.8

EPSS 0.0122

EPSS Percentile 64.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

skyworth/skyworth_os 3.0

Published Sep 20, 2023

Tracked Since Feb 18, 2026