## https://sploitus.com/exploit?id=9026D6F2-F4CA-52E3-8C87-47A77651EB65
# CVE-2023-22906
CVE-2023-22906 is a critical vulnerability that affects the Hero Qubo Smart Doorbell device running version HCD01_02_V1.38_20220125. This particular device allows Telnet access with root privileges by default, without requiring a password. This vulnerability poses a significant security risk as it can lead to unauthorized access, compromising user privacy, exposing sensitive information stored on the device and also potentially enabling the compromised device to be utilized as a cog within a botnet's malicious activities.
[Research Paper](https://github.com/nonamecoder/CVE-2023-22906/blob/main/CVE_2023_22906.pdf)
## Proof of Concept Videos
Shell Access
https://github.com/nonamecoder/CVE-2023-22906/assets/5160055/20b5c679-897b-47b5-b4f3-e9cdd80ed1dc
Rickroll Chime
https://github.com/nonamecoder/CVE-2023-22906/assets/5160055/1f2ea328-7254-4e18-8a9f-36d4650411f5