This page lists publicly disclosed CVE vulnerabilities affecting unitree go1_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-45466 | Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext. | [email protected] | 8.8 | 0.57% | 2025-07-25 | 2026-01-12 |
| CVE-2025-45467 | Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation. | [email protected] | 7.1 | 0.28% | 2025-07-25 | 2026-01-12 |
| CVE-2025-2894 | The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service. | [email protected] | 6.6 | 0.54% | 2025-03-28 | 2026-01-12 |