PT-2025-39470

Name of the Vulnerable Software and Affected Versions Unitree Go2, G1, H1, and B2 devices through 2025-09-20 Description The devices decrypt Bluetooth Low Energy BLE packet data using a fixed key df98b715d5c6ed2b25817b6f2554124a and Initialization Vector IV 2841ae97419c2973296a0d4bdfe19a4f. This...

PT-2025-39469

Name of the Vulnerable Software and Affected Versions Unitree Go2, G1, H1, and B2 devices through 2025-09-20 Description The devices allow for root operating system command injection. This is possible through the hostapd restart.sh script, specifically via the wifi ssid or wifi pass parameters...

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

MAL-2025-11611 Malicious code in @zalastax/nolb-go2 (npm)

The package @zalastax/nolb-go2 was found to contain malicious code...

Malicious code in @zalastax/nolb-go2 (npm)

The package @zalastax/nolb-go2 was found to contain malicious code...

CVE-2023-33508

KramerAV VIA GO² 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution RCE...

CVE-2024-52876

Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions in broadcast mode via multiple read operations on the ASTM Remote ID 0xFFFA GATT...

CVE-2024-52876

Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions in broadcast mode via multiple read operations on the ASTM Remote ID 0xFFFA GATT...

CVE-2024-52876

The CVE-2024-52876 entry pertains to Holy Stone Remote ID Module HSRID01 (firmware distributed with Drone Go2 before version 1.1.8). The issue allows unauthenticated remote power-off actions in broadcast mode via multiple read operations on the ASTM Remote ID (0xFFFA) GATT. Affected firmware vers...

CVE-2024-52876

Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions in broadcast mode via multiple read operations on the ASTM Remote ID 0xFFFA GATT...

Kramer VIA GO² 代码问题漏洞

The Kramer VIA GO² is a 4K wireless presentation device from Kramer. A security vulnerability exists in KramerAV VIA GO² versions prior to 4.0.1.1326 that stems from vulnerability to unauthenticated file uploads, which can lead to remote code execution RCE...

PT-2023-24369 · Kramerav · Kramerav Via Go²

Name of the Vulnerable Software and Affected Versions: KramerAV VIA GO² versions prior to 4.0.1.1326 Description: The issue allows for unauthenticated file upload, resulting in Remote Code Execution RCE. Recommendations: For versions prior to 4.0.1.1326, update to version 4.0.1.1326 or later to...

go2.cn XSS vulnerability

Open Bug Bounty ID: OBB-494256 Description| Value ---|--- Affected Website:| go2.cn Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based on ISO...