6.5

CVE-2022-2675

EPSS 0.23%
Veröffentlicht 05.08.2022 17:15:08
Zuletzt bearbeitet 21.11.2024 07:01:29
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Unitree ≫ Go 1 Firmware Version <= 0.1.35

Unitree ≫ Go 1 Versionh0.1.7

Unitree ≫ Go 1 Firmware Version < 0.1.35

Unitree ≫ Go 1 Versionh0.1.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.455

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729

Third Party Advisory

Product

https://twitter.com/d0tslash/status/1555326302462394370

Third Party Advisory

https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf

Third Party Advisory

Product

https://nvd.nist.gov/vuln/detail/CVE-2022-2675

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2675

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2675

EUVD