Vulnerability Description
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unitree | Go 1 Firmware | <= 0.1.35 |
| Unitree | Go 1 | h0.1.7 |
Related Weaknesses (CWE)
References
- https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729ProductThird Party Advisory
- https://twitter.com/d0tslash/status/1555326302462394370Third Party Advisory
- https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdfProductThird Party Advisory
- https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729ProductThird Party Advisory
- https://twitter.com/d0tslash/status/1555326302462394370Third Party Advisory
- https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdfProductThird Party Advisory
FAQ
What is CVE-2022-2675?
CVE-2022-2675 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without a...
How severe is CVE-2022-2675?
CVE-2022-2675 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2675?
Check the references section above for vendor advisories and patch information. Affected products include: Unitree Go 1 Firmware, Unitree Go 1.