CVE-2022-2675

Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down

EPSS 0.5%CWE-285

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

05 Aug 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.

Affected products

Unitree · Go 1

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729 https://twitter.com/d0tslash/status/1555326302462394370 https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf