Filtered by vendor Unitree Subscriptions
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-35027 1 Unitree 4 B2, G1, Go2 and 1 more 2025-09-30 7.3 High
Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.
CVE-2025-60250 1 Unitree 4 B2, G1, Go2 and 1 more 2025-09-26 4.7 Medium
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV.
CVE-2025-60017 1 Unitree 4 B2, G1, Go2 and 1 more 2025-09-26 8.2 High
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).
CVE-2025-60251 1 Unitree 4 B2, G1, Go2 and 1 more 2025-09-26 5 Medium
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring.
CVE-2023-3104 1 Unitree 2 A1, A1 Firmware 2024-11-21 5.7 Medium
Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication.
CVE-2023-3103 1 Unitree 2 A1, A1 Firmware 2024-11-21 8 High
Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition.
CVE-2022-2675 1 Unitree 2 Go 1, Go 1 Firmware 2024-11-21 6.5 Medium
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.