VYPR

H1

by Unitree Robotics

CVEs (3)

  • CVE-2025-60017HigSep 26, 2025
    risk 0.53cvss 8.2epss 0.01

    Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).

  • CVE-2025-60251MedSep 26, 2025
    risk 0.33cvss 5.0epss 0.00

    Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring.

  • CVE-2025-35027Sep 26, 2025
    risk 0.00cvss epss 0.02

    Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart…