Sploit.io - Search

Product: H1, version: <= 2025-09-20

CVE-2025-60017

Severity: HIGH

Description: Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).

CVSS Score: 8.2

Affected Products:

  • Unitree Go2 - Versions: 0
  • Unitree G1 - Versions: 0
  • Unitree H1 - Versions: 0
  • Unitree B2 - Versions: 0

CVE-2025-60250

Severity: MEDIUM

Description: Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV.

CVSS Score: 4.7

Affected Products:

  • Unitree Go2 - Versions: 0
  • Unitree G1 - Versions: 0
  • Unitree H1 - Versions: 0
  • Unitree B2 - Versions: 0

CVE-2025-60251

Severity: MEDIUM

Description: Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring.

CVSS Score: 5

Affected Products:

  • Unitree Go2 - Versions: 0
  • Unitree G1 - Versions: 0
  • Unitree H1 - Versions: 0
  • Unitree B2 - Versions: 0
