CNNVD-202509-4182 Information

Sep 26, 2025 cve

CNNVD ID

CNNVD-202509-4182

CVE-2025-35027

CNNVD Published: 2025-09-26

Description (Chinese)

Unitree Go2等都是中国宇树（Unitree）公司的产品。Unitree Go2是一款机器狗。Unitree G1是一款人形机器人。Unitree H1是一款人形机器人。 Unitree多款产品存在安全漏洞，该漏洞源于通过BLE模块配置板载WiFi时未验证输入，可能导致命令注入攻击。以下产品受到影响：Unitree Go2、G1、H1和B2。

Description (English)

Unitree Go2 and others are products of Unitree China. Unitree Go2 is a machine dog. Unitree G1 is a human robot. Unitree H1 is a human robot. There is a safety gap in the Unitree multi-products, which results from the failure to verify the input through the BLE module configuration board on WiFi, which could lead to an order injection attack. The following products were affected: Unitree Go2, G1, H1 and B2.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

宇树

Published

2025-09-26

Last Modified

2026-02-24

References

https://github.com/Bin4ry/UniPwn https://spectrum.ieee.org/unitree-robot-exploit https://takeonme.org/cves/cve-2025-35027 https://www.cve.org/cverecord?id=CVE-2025-60017 https://www.cve.org/cverecord?id=CVE-2025-60250 https://x.com/committeeonccp/status/1971250635548033311

Share on: