CVE-2025-35027

CVE-2025-35027 affects Unitree Go2, G1, H1, and B2 robotic devices sharing a common firmware (MIT Cheetah). It enables command injection by supplying a malicious string during BLE-configured WiFi setup and triggering a WiFi service restart, allowing commands to run as root via the wpa_supplicant_...

CVE-2023-3104 Missing Authentication for Critical Function in Unitree Robotics A1

Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication...

CVE-2023-3103 Authentication Bypass by Spoofing in Unitree Robotics A1

Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle MITM attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a...

Unitree Robotics A1 Security Breach

Unitree Robotics A1 is a quadrupedal robot from Chinese company Unitree Robotics. A security vulnerability exists in Unitree Robotics A1 version 1.16, which stems from a lack of authentication and allows a local attacker to use a web server to view through a webcam...