CVE-2023-22906
HIGHHero Qubo HCD01 and HCD02 Firmware - Unauthenticated Root Access via TELNET
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-22906. PoCs published by nonamecoder.
AI-analyzed exploit summary The repository contains a functional Python script that scans the local network for Qubo Smart Doorbell devices vulnerable to CVE-2023-22906, which allows unauthenticated Telnet access with root privileges. The script automates network discovery and connects to vulnerable devices via Telnet.
Description
Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password.
Exploits (1)
The repository contains a functional Python script that scans the local network for Qubo Smart Doorbell devices vulnerable to CVE-2023-22906, which allows unauthenticated Telnet access with root privileges. The script automates network discovery and connects to vulnerable devices via Telnet.
References (2)
Scores
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H