
cpe:2.3:h:unitree:go2:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor: Unitree (6a056451-a5ae-5bdc-a853-ac076f310540)
Product: Go2 (69d2e2a4-3f3e-5a91-bad4-4082b9453886)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2026-27510 | not_vulnerable | 2026-06-03 15:18:06.582441 | Unitree Go2 Mobile Program Tampering Enables Root RCE
CRITICAL (9.6)
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLite database (unitree_go2.db, table dog_programme) and transmits the programme_text content, including the pyCode field, to the robot. The robot's actuator_manager.py executes the supplied Python as root without integrity verification or content validation. An attacker with local access to the Android device can tamper with the stored programme record to inject arbitrary Python that executes when the user triggers the program via a controller keybinding, and the malicious binding persists across reboots. Additionally, a malicious program shared through the application's community marketplace can result in arbitrary code execution on any robot that imports and runs it.
Published: 2026-02-26T18:56:56.654Z
Updated: 2026-05-25T23:41:48.069Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-27509 | not_vulnerable | 2026-06-03 15:18:06.578252 | Unitree Go2 Missing DDS Authentication Enables Adjacent RCE
HIGH (8)
Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publish a crafted message (api_id=1002) containing arbitrary Python, which the robot writes to disk under /unitree/etc/programming/ and binds to a physical controller keybinding. When the keybinding is pressed, the code executes as root and the binding persists across reboots.
Published: 2026-02-26T18:56:31.648Z
Updated: 2026-05-26T11:52:07.158Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-35027 | not_vulnerable | 2026-06-03 15:00:51.891712 | Unitree Multiple Robotic Products Command Injection
HIGH (7.3)
Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.
Published: 2025-09-26T06:53:49.585Z
Updated: 2025-10-07T21:10:12.489Z
Imported from gcve-enriched-dumps CVE data
