Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Go 1 by Unitree
CVE-2022-2675 (GCVE-0-2022-2675)
Vulnerability from nvd – Published: 2022-08-05 17:01 – Updated: 2024-09-16 16:33
VLAI
EPSS
VEX
Title
Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down
Summary
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.
Severity
No CVSS data available.
CWE
- CWE-285 - Improper Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://twitter.com/d0tslash/status/1555326302462394370 | x_refsource_MISC |
| https://fccid.io/2A5PE-YUSHU001/Users-Manual/User… | x_refsource_MISC |
| https://www.mybotshop.de/Datasheet/Unitree_A1_Use… | x_refsource_MISC |
Impacted products
Date Public
2022-08-04 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/d0tslash/status/1555326302462394370"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"H0.1.7"
],
"product": "Go 1",
"vendor": "Unitree",
"versions": [
{
"lessThanOrEqual": "0.1.35",
"status": "affected",
"version": "0.1.35",
"versionType": "custom"
}
]
},
{
"platforms": [
"H0.1.9"
],
"product": "Go 1",
"vendor": "Unitree",
"versions": [
{
"lessThan": "0.1.35",
"status": "affected",
"version": "0.1.35",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered and reported by security researcher Kevin Finisterre"
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T17:01:52.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/d0tslash/status/1555326302462394370"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unitree Go 1 \"Robot Dog\" Unauthenticated Remote Power Down",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-08-04T22:54:00.000Z",
"ID": "CVE-2022-2675",
"STATE": "PUBLIC",
"TITLE": "Unitree Go 1 \"Robot Dog\" Unauthenticated Remote Power Down"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Go 1",
"version": {
"version_data": [
{
"platform": "H0.1.7",
"version_affected": "\u003c=",
"version_name": "0.1.35",
"version_value": "0.1.35"
},
{
"platform": "H0.1.9",
"version_affected": "\u003c",
"version_name": "0.1.35",
"version_value": "0.1.35"
}
]
}
}
]
},
"vendor_name": "Unitree"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Discovered and reported by security researcher Kevin Finisterre"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/d0tslash/status/1555326302462394370",
"refsource": "MISC",
"url": "https://twitter.com/d0tslash/status/1555326302462394370"
},
{
"name": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729",
"refsource": "MISC",
"url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
},
{
"name": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf",
"refsource": "MISC",
"url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-2675",
"datePublished": "2022-08-05T17:01:52.182Z",
"dateReserved": "2022-08-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:33:04.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2675 (GCVE-0-2022-2675)
Vulnerability from cvelistv5 – Published: 2022-08-05 17:01 – Updated: 2024-09-16 16:33
VLAI
EPSS
VEX
Title
Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down
Summary
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.
Severity
No CVSS data available.
CWE
- CWE-285 - Improper Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://twitter.com/d0tslash/status/1555326302462394370 | x_refsource_MISC |
| https://fccid.io/2A5PE-YUSHU001/Users-Manual/User… | x_refsource_MISC |
| https://www.mybotshop.de/Datasheet/Unitree_A1_Use… | x_refsource_MISC |
Impacted products
Date Public
2022-08-04 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/d0tslash/status/1555326302462394370"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"H0.1.7"
],
"product": "Go 1",
"vendor": "Unitree",
"versions": [
{
"lessThanOrEqual": "0.1.35",
"status": "affected",
"version": "0.1.35",
"versionType": "custom"
}
]
},
{
"platforms": [
"H0.1.9"
],
"product": "Go 1",
"vendor": "Unitree",
"versions": [
{
"lessThan": "0.1.35",
"status": "affected",
"version": "0.1.35",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered and reported by security researcher Kevin Finisterre"
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T17:01:52.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/d0tslash/status/1555326302462394370"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unitree Go 1 \"Robot Dog\" Unauthenticated Remote Power Down",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-08-04T22:54:00.000Z",
"ID": "CVE-2022-2675",
"STATE": "PUBLIC",
"TITLE": "Unitree Go 1 \"Robot Dog\" Unauthenticated Remote Power Down"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Go 1",
"version": {
"version_data": [
{
"platform": "H0.1.7",
"version_affected": "\u003c=",
"version_name": "0.1.35",
"version_value": "0.1.35"
},
{
"platform": "H0.1.9",
"version_affected": "\u003c",
"version_name": "0.1.35",
"version_value": "0.1.35"
}
]
}
}
]
},
"vendor_name": "Unitree"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Discovered and reported by security researcher Kevin Finisterre"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/d0tslash/status/1555326302462394370",
"refsource": "MISC",
"url": "https://twitter.com/d0tslash/status/1555326302462394370"
},
{
"name": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729",
"refsource": "MISC",
"url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
},
{
"name": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf",
"refsource": "MISC",
"url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-2675",
"datePublished": "2022-08-05T17:01:52.182Z",
"dateReserved": "2022-08-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:33:04.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}