PT-2025-39469 · Unitree · Unitree B2+3
Published: 2025-09-26 · Updated: 2025-10-05
CVE-2025-60017
CVSS v3.1: 8.2 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Unitree Go2, G1, H1, and B2 devices through 2025-09-20
Description
The devices allow for root operating system command injection. This is possible through the hostapd_restart.sh script, specifically via the wifi_ssid or wifi_pass parameters within the restart_wifi_ap and restart_wifi_sta functions.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Affected Products
Unitree B2
Unitree Go 1
Unitree Go2
Unitree H1