Unitree: >> Go1 Firmware Security Vulnerabilities
Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-25
Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-07-25
The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
CVSS Score
6.6
EPSS Score
0.005
Published
2025-03-28