GCVE - cpe:2.3:o:unitree:go1_firmware:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:unitree:go1_firmware:-:*:*:*:*:*:*:*

part: o version: - update: *

Vendor	Unitree (`6a056451-a5ae-5bdc-a853-ac076f310540`)
Product	Go1 Firmware (`3a638d55-0035-5ba2-b649-5365ebcbc4c1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-45467`	vulnerable	2026-06-03 15:01:18.876459	Details available Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation. Published: 2025-07-25T00:00:00.000Z Updated: 2025-07-25T20:19:40.305Z Open on db.gcve.eu Reference links https://www.unitree.com/cn/go1 https://github.com/zgsnj123/CVE-2025-45467/tree/main	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-45466`	vulnerable	2026-06-03 15:01:18.875201	Details available Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext. Published: 2025-07-25T00:00:00.000Z Updated: 2025-07-25T15:31:59.738Z Open on db.gcve.eu Reference links https://www.unitree.com/cn/go1 https://github.com/zgsnj123/CVE-2025-45466	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2894`	vulnerable	2026-06-03 15:00:26.807629	Unitree Go1 Robot Dog Backdoor Control Channel MEDIUM (6.6) The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service. Published: 2025-03-28T02:51:19.768Z Updated: 2025-04-03T14:37:08.450Z Open on db.gcve.eu Reference links https://github.com/MAVProxyUser/YushuTechUnitreeGo1/blob/main/Unitree_report.pdf https://x.com/d0tslash/status/1730989109332607208 https://github.com/unitreerobotics/unitree_ros/issues/120 https://takeonme.org/cves/cve-2025-2894/ https://www.axios.com/2025/04/01/threat-spotlight-backdoor-in-chinese-robots-future-of-cybersecurity	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.