3 matches found
CVE-2026-27509
CVE-2026-27509 affects Unitree Go2 firmware versions V1.1.7–V1.1.9 and V1.1.11 (EDU). The issue is missing DDS authentication/authorization for Eclipse CycloneDDS topic rt/api/programming_actuator/request (handled by actuator_manager.py). A network-adjacent, unauthenticated attacker can join DDS ...
CVE-2025-35027
CVE-2025-35027 affects Unitree Go2, G1, H1, and B2 robotic devices sharing a common firmware (MIT Cheetah). It enables command injection by supplying a malicious string during BLE-configured WiFi setup and triggering a WiFi service restart, allowing commands to run as root via the wpa_supplicant_...
CVE-2026-27510
CVE-2026-27510 affects Unitree Go2 firmware 1.1.7–1.1.11 with the Go2 Android app (com.unitree.doggo2). The issue is remote code execution due to missing integrity protection and validation of user-created programs. The Android app stores programs in a local SQLite database (unitree_go2.db, table...