VYPR

Go2

by Unitree Robotics

CVEs (6)

  • CVE-2025-60017 | High | Sep 26, 2025
    risk 0.53 | cvss 8.2 | epss 0.01

    Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).

  • CVE-2026-27509 | High | Feb 26, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthenticated attacker can join…

  • CVE-2025-60251 | Medium | Sep 26, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring.

  • CVE-2026-1442 | Feb 27, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree…

  • CVE-2026-27510 | Feb 26, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores…

  • CVE-2025-35027 | Sep 26, 2025
    risk 0.00 | cvss (none listed) | epss 0.02

    Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart…