Vulnerabilities (CVE)

Filtered by vendor Unitree
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-35027 1 Unitree 8 B2, B2 Firmware, G1 and 5 more 2026-01-12 N/A 7.3 HIGH
Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.
CVE-2025-45467 1 Unitree 2 Go1, Go1 Firmware 2026-01-12 N/A 7.1 HIGH
Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation.
CVE-2025-45466 1 Unitree 2 Go1, Go1 Firmware 2026-01-12 N/A 8.8 HIGH
Unitree Go1 <= Go1_2022_05_11 is vulnerable to Incorrect Access Control due to authentication credentials being hardcoded in plaintext.
CVE-2025-2894 1 Unitree 2 Go1, Go1 Firmware 2026-01-12 N/A 6.6 MEDIUM
The Go1, also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can give the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
CVE-2023-3104 1 Unitree 2 A1, A1 Firmware 2024-11-21 N/A 5.7 MEDIUM
Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication.
CVE-2023-3103 1 Unitree 2 A1, A1 Firmware 2024-11-21 N/A 8.0 HIGH
Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition.
CVE-2022-2675 1 Unitree 2 Go 1, Go 1 Firmware 2024-11-21 N/A 6.5 MEDIUM
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform versions H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.