CVE-2025-2894

Medium CVSS: 6.6

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.

Vendor

Unitree

Product

Go1 Firmware

CWE

CWE-912

Yayın Tarihi

2025-03-28 03:15:18

Güncelleme

2026-01-12 16:10:59

Source Identifier

cve@takeonme.org

KEV Date Added

Kategoriler

CWE-912 Go1 Firmware MEDIUM Unitree 2025

Referanslar

https://github.com/MAVProxyUser/YushuTechUnitreeGo1/blob/main/Unitree_report.pdf https://github.com/unitreerobotics/unitree_ros/issues/120 https://takeonme.org/cves/cve-2025-2894/ https://www.axios.com/2025/04/01/threat-spotlight-backdoor-in-chinese-robots-future-of-cybersecurity https://x.com/d0tslash/status/1730989109332607208

Benzer Kayıtlar

High

CVE-2026-1442

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an a…

High

CVE-2026-27509

Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorizati…

Medium

CVE-2026-27510

Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.dogg…

High

CVE-2025-35027

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a com…

High

CVE-2025-45466

Unitree Go1

High

CVE-2025-45467

Unitree Go1