CVE-2022-2675

Published: Aug 5, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.

Affected (2)

Products: Unitree: Go 1 Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unitree Go 1 Firmware	Up to 0.1.35

Running on/with	Platform Versions
Unitree Go 1	Version h0.1.7

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unitree Go 1 Firmware	Before 0.1.35

Running on/with	Platform Versions
Unitree Go 1	Version h0.1.9

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (6)

https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729

Source: cve@rapid7.com

ProductThird Party Advisory

https://twitter.com/d0tslash/status/1555326302462394370

Source: cve@rapid7.com

Third Party Advisory

https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf

Source: cve@rapid7.com

ProductThird Party Advisory

https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://twitter.com/d0tslash/status/1555326302462394370

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

Timeline

No history available yet.