Missing Authentication for Critical Function in Unitree Robotics A1
CVE-2023-3104

7.5HIGH

Key Information:

Vendor: Unitree Robotics
Status: A1
Vendor: CVE Published:; 22 November 2023

🔔 Create Unitree Robotics Vulnerability Alert

What is CVE-2023-3104?

An unauthenticated local user can exploit a vulnerability in Unitree Robotics A1 products, allowing them to access camera feeds through the web server without any authentication measures in place. This lack of security could lead to unauthorized surveillance, compromising user privacy and safety.

Affected Version(s)

A1 1.16

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Jun 5, 2023

Credit

Alberto Miguel Diez

Adrián Campazas Vega