CVE-2022-2675

CVE-2022-2675: Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down

Vendor Unitree

Product Go 1

Weakness CWE-285

Published August 5, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.

Key dates

02Disclosure timeline

August 5, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2675 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

04Related CVE

CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability CVE-2026-3761 SourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorization CVE-2025-9151 LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization CVE-2026-10218 nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization CVE-2023-22428

Identifiers

CVE CVE-2022-2675

CWE CWE-285

Affected versions

Vendor Unitree

Product Go 1

Affected ≥ 0.1.35 and ≤ 0.1.35

Vendor Unitree

Product Go 1

Affected ≥ 0.1.35 and < 0.1.35