VYPR
Vendor: Unitree Robotics

Products: 7
CVEs: 14
Across products: 21
Status: Private

Recent CVEs (14)
  • CVE-2025-60017 | High | Sep 26, 2025
    risk 0.53 | cvss 8.2 | epss 0.01

    Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).

  • CVE-2026-27509 | High | Feb 26, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthenticated attacker can join…

  • CVE-2023-3103 | High | Nov 22, 2023
    risk 0.52 | cvss 8.0 | epss 0.01

    Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could…

  • CVE-2025-2894 | Medium | Mar 28, 2025
    risk 0.43 | cvss 6.6 | epss 0.01

    The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic…

  • CVE-2022-2675 | Medium | Aug 5, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.

  • CVE-2023-3104 | Medium | Nov 22, 2023
    risk 0.37 | cvss 5.7 | epss 0.01

    Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication.

  • CVE-2025-60251 | Medium | Sep 26, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring.

  • CVE-2025-60250 | Medium | Sep 26, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV.

  • CVE-2026-1442 | Feb 27, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree…

  • CVE-2026-27510 | Feb 26, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores…

  • CVE-2025-35027 | Sep 26, 2025
    risk 0.00 | cvss n/a | epss 0.02

    Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart…

  • CVE-2025-8980 | Aug 14, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The…

  • CVE-2025-45467 | Jul 25, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation.

  • CVE-2025-45466 | Jul 25, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Unitree Go1 <= Go1_2022_05_11 is vulnerable to Incorrect Access Control due to authentication credentials being hardcoded in plaintext.