CVE-2025-35027

High CVSS: 7.3

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.

Vendor

Unitree

Product

G1 Firmware

CWE

CWE-78

Yayın Tarihi

2025-09-26 07:15:41

Güncelleme

2026-01-12 16:54:07

Source Identifier

cve@takeonme.org

KEV Date Added

Kategoriler

CWE-78 G1 Firmware HIGH Unitree 2025

Referanslar

https://github.com/Bin4ry/UniPwn https://spectrum.ieee.org/unitree-robot-exploit https://takeonme.org/cves/cve-2025-35027 https://www.cve.org/cverecord?id=CVE-2025-60017 https://www.cve.org/cverecord?id=CVE-2025-60250 https://x.com/committeeonccp/status/1971250635548033311 https://github.com/Bin4ry/UniPwn

Benzer Kayıtlar

High

CVE-2026-1442

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an a…

High

CVE-2026-27509

Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorizati…

Medium

CVE-2026-27510

Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.dogg…

High

CVE-2025-45466

Unitree Go1

High

CVE-2025-45467

Unitree Go1

Medium

CVE-2025-2894

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an u…