Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down
CVE-2022-2675

6.5MEDIUM

Key Information:

Vendor: Unitree
Status: Go 1
Vendor: CVE Published:; 5 August 2022

🔔 Create Unitree Vulnerability Alert

What is CVE-2022-2675?

Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.

Affected Version(s)

Go 1 H0.1.7 0.1.35

Go 1 H0.1.9 0.1.35

References

https://twitter.com/d0tslash/status/1555326302462394370

x_refsource_MISC

https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-...

x_refsource_MISC

https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2022
Vulnerability Reserved
Aug 5, 2022

Credit

Discovered and reported by security researcher Kevin Finisterre

.