Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Go 1 by Unitree

    CVE-2022-2675 (GCVE-0-2022-2675)

    Vulnerability from nvd – Published: 2022-08-05 17:01 – Updated: 2024-09-16 16:33
    VLAI
    Title
    Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down
    Summary
    Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Unitree Go 1 Affected: 0.1.35 , ≤ 0.1.35 (custom)
    Create a notification for this product.
    Unitree Go 1 Affected: 0.1.35 , < 0.1.35 (custom)
    Create a notification for this product.
    Date Public
    2022-08-04 00:00
    Credits
    Discovered and reported by security researcher Kevin Finisterre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:03.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/d0tslash/status/1555326302462394370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "H0.1.7"
              ],
              "product": "Go 1",
              "vendor": "Unitree",
              "versions": [
                {
                  "lessThanOrEqual": "0.1.35",
                  "status": "affected",
                  "version": "0.1.35",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "H0.1.9"
              ],
              "product": "Go 1",
              "vendor": "Unitree",
              "versions": [
                {
                  "lessThan": "0.1.35",
                  "status": "affected",
                  "version": "0.1.35",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered and reported by security researcher Kevin Finisterre"
            }
          ],
          "datePublic": "2022-08-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-05T17:01:52.000Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/d0tslash/status/1555326302462394370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Unitree Go 1 \"Robot Dog\" Unauthenticated Remote Power Down",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "cve@rapid7.com",
              "DATE_PUBLIC": "2022-08-04T22:54:00.000Z",
              "ID": "CVE-2022-2675",
              "STATE": "PUBLIC",
              "TITLE": "Unitree Go 1 \"Robot Dog\" Unauthenticated Remote Power Down"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Go 1",
                          "version": {
                            "version_data": [
                              {
                                "platform": "H0.1.7",
                                "version_affected": "\u003c=",
                                "version_name": "0.1.35",
                                "version_value": "0.1.35"
                              },
                              {
                                "platform": "H0.1.9",
                                "version_affected": "\u003c",
                                "version_name": "0.1.35",
                                "version_value": "0.1.35"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unitree"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Discovered and reported by security researcher Kevin Finisterre"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://twitter.com/d0tslash/status/1555326302462394370",
                  "refsource": "MISC",
                  "url": "https://twitter.com/d0tslash/status/1555326302462394370"
                },
                {
                  "name": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729",
                  "refsource": "MISC",
                  "url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
                },
                {
                  "name": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "EXTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2022-2675",
        "datePublished": "2022-08-05T17:01:52.182Z",
        "dateReserved": "2022-08-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:04.349Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2675 (GCVE-0-2022-2675)

    Vulnerability from cvelistv5 – Published: 2022-08-05 17:01 – Updated: 2024-09-16 16:33
    VLAI
    Title
    Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down
    Summary
    Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Unitree Go 1 Affected: 0.1.35 , ≤ 0.1.35 (custom)
    Create a notification for this product.
    Unitree Go 1 Affected: 0.1.35 , < 0.1.35 (custom)
    Create a notification for this product.
    Date Public
    2022-08-04 00:00
    Credits
    Discovered and reported by security researcher Kevin Finisterre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:03.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/d0tslash/status/1555326302462394370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "H0.1.7"
              ],
              "product": "Go 1",
              "vendor": "Unitree",
              "versions": [
                {
                  "lessThanOrEqual": "0.1.35",
                  "status": "affected",
                  "version": "0.1.35",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "H0.1.9"
              ],
              "product": "Go 1",
              "vendor": "Unitree",
              "versions": [
                {
                  "lessThan": "0.1.35",
                  "status": "affected",
                  "version": "0.1.35",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered and reported by security researcher Kevin Finisterre"
            }
          ],
          "datePublic": "2022-08-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-05T17:01:52.000Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/d0tslash/status/1555326302462394370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Unitree Go 1 \"Robot Dog\" Unauthenticated Remote Power Down",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "cve@rapid7.com",
              "DATE_PUBLIC": "2022-08-04T22:54:00.000Z",
              "ID": "CVE-2022-2675",
              "STATE": "PUBLIC",
              "TITLE": "Unitree Go 1 \"Robot Dog\" Unauthenticated Remote Power Down"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Go 1",
                          "version": {
                            "version_data": [
                              {
                                "platform": "H0.1.7",
                                "version_affected": "\u003c=",
                                "version_name": "0.1.35",
                                "version_value": "0.1.35"
                              },
                              {
                                "platform": "H0.1.9",
                                "version_affected": "\u003c",
                                "version_name": "0.1.35",
                                "version_value": "0.1.35"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unitree"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Discovered and reported by security researcher Kevin Finisterre"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://twitter.com/d0tslash/status/1555326302462394370",
                  "refsource": "MISC",
                  "url": "https://twitter.com/d0tslash/status/1555326302462394370"
                },
                {
                  "name": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729",
                  "refsource": "MISC",
                  "url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
                },
                {
                  "name": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf",
                  "refsource": "MISC",
                  "url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "EXTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2022-2675",
        "datePublished": "2022-08-05T17:01:52.182Z",
        "dateReserved": "2022-08-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:04.349Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }