Share
## https://sploitus.com/exploit?id=9026D6F2-F4CA-52E3-8C87-47A77651EB65
# CVE-2023-22906

CVE-2023-22906 is a critical vulnerability that affects the Hero Qubo Smart Doorbell device running version HCD01_02_V1.38_20220125. This particular device allows Telnet access with root privileges by default, without requiring a password. This vulnerability poses a significant security risk as it can lead to unauthorized access, compromising user privacy, exposing sensitive information stored on the device and also potentially enabling the compromised device to be utilized as a cog within a botnet's malicious activities.

[Research Paper](https://github.com/nonamecoder/CVE-2023-22906/blob/main/CVE_2023_22906.pdf)
## Proof of Concept Videos
Shell Access



https://github.com/nonamecoder/CVE-2023-22906/assets/5160055/20b5c679-897b-47b5-b4f3-e9cdd80ed1dc


Rickroll Chime


https://github.com/nonamecoder/CVE-2023-22906/assets/5160055/1f2ea328-7254-4e18-8a9f-36d4650411f5