CVE-2022-2675

Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down

EPSS 0.5%CWE-285

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

05 ago 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.

Produtos afetados

Unitree · Go 1

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729 https://twitter.com/d0tslash/status/1555326302462394370 https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf