Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unitree Multiple Robotic Products Command Injection
Vulnerability Description
Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Unitree多款产品 安全漏洞
Vulnerability Description
Unitree Go2等都是中国宇树(Unitree)公司的产品。Unitree Go2是一款机器狗。Unitree G1是一款人形机器人。Unitree H1是一款人形机器人。 Unitree多款产品存在安全漏洞,该漏洞源于通过BLE模块配置板载WiFi时未验证输入,可能导致命令注入攻击。以下产品受到影响:Unitree Go2、G1、H1和B2。
CVSS Information
N/A
Vulnerability Type
N/A