Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unitree UPK files Hard-Coded Key
Vulnerability Description
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly-documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment owner’s knowledge.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Unitree UPK 安全漏洞
Vulnerability Description
Unitree UPK是中国宇树(Unitree)公司的一个机器人更新固件包。 Unitree UPK存在安全漏洞,该漏洞源于用于保护固件更新的加密算法本身使用攻击者可获得的密钥材料加密,可能导致未经授权的用户篡改固件更新。
CVSS Information
N/A
Vulnerability Type
N/A