Unitree Robots Command Injection Vulnerability via Bluetooth Low Energy

Vulnerability

A command injection vulnerability that allows root access has been identified in Unitree robots, specifically the Go2, G1, H1, and B2 models, in all firmware through the latest release as of September 20, 2025. The issue lies in the Bluetooth Low Energy (BLE) Wi-Fi configuration interface, where encrypted packets can be manipulated to inject commands. The vulnerability is particularly concerning because it is 'wormable': an infected robot can automatically compromise other nearby Unitree robots via BLE, creating a network of compromised devices.

Impact

Exploitation of this vulnerability allows for complete takeover of the affected robot, with root access enabling arbitrary command execution. The wormable nature of the vulnerability means that compromised robots can infect others in range, potentially leading to a fleet of infected robots under an attacker's control.

Reproduction

The vulnerability can be reproduced by sending a BLE packet that is encrypted with the hardcoded keys and includes the string 'unitree' to authenticate. After gaining access, the 'init_wifi' command can be sent to set the Wi-Fi mode. The injection payload can then be placed in the 'wifi_ssid' or 'wifi_pass' parameters. Once the 'wifi country code' is set, the robot will execute the injected command with root privileges.

Remediation

Unitree users are advised to connect robots to isolated Wi-Fi networks and disable Bluetooth connectivity. However, a more permanent solution requires Unitree to address the underlying security flaws in its products.
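
An added example, not part of the original advisory and not Unitree's code, of the kind of fix the paragraph above leaves to the vendor. It assumes the 'wifi_ssid', 'wifi_pass' and country code values end up in a shell command line (the advisory does not show the firmware's code); the 'wifi-apply' helper name and the sample inputs are hypothetical.

```python
import re
import shlex

# Hypothetical helper name; the advisory does not show the firmware's real command.
HELPER = "wifi-apply"
PSK_RE = re.compile(r"[\x20-\x7e]{8,63}")   # WPA2 passphrase: 8-63 printable ASCII
COUNTRY_RE = re.compile(r"[A-Z]{2}")        # ISO 3166-1 alpha-2 code


def vulnerable_cmdline(wifi_ssid, wifi_pass, country):
    """Assumed flawed pattern: fields pasted into a string handed to a shell."""
    return f'{HELPER} --ssid "{wifi_ssid}" --pass "{wifi_pass}" --country {country}'


def shell_operators(cmdline):
    """Approximate (via shlex) the unquoted control operators a shell would see."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= set("();<>|&")]


def validate(wifi_ssid, wifi_pass, country):
    """Raise ValueError unless every field fits its protocol-defined shape."""
    raw = wifi_ssid.encode("utf-8")
    if not 1 <= len(raw) <= 32 or any(b < 0x20 or b == 0x7F for b in raw):
        raise ValueError("wifi_ssid: must be 1-32 bytes with no control characters")
    if not PSK_RE.fullmatch(wifi_pass):
        raise ValueError("wifi_pass: must be 8-63 printable ASCII characters")
    if not COUNTRY_RE.fullmatch(country):
        raise ValueError("country: must be two uppercase letters")


def hardened_argv(wifi_ssid, wifi_pass, country):
    """Validate, then build an argv list for subprocess.run(argv) with no shell."""
    validate(wifi_ssid, wifi_pass, country)
    return [HELPER, "--ssid", wifi_ssid, "--pass", wifi_pass, "--country", country]


# Constructed sample inputs (not captured from a device).
BENIGN = ("Lab WiFi", "correct horse battery", "US")
HOSTILE = ('lab";echo injected;"', "correct horse battery", "US")

if __name__ == "__main__":
    print(shell_operators(vulnerable_cmdline(*BENIGN)))    # no operators
    print(shell_operators(vulnerable_cmdline(*HOSTILE)))   # operators appear
    print(hardened_argv(*HOSTILE))                         # one inert argument
```

The constructed hostile SSID is a legal 802.11 SSID, so field validation alone does not stop it; handing the argv list to the helper without a shell is what keeps it inert. The unquoted country code is the one field where a strict format check rejects such input outright.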

Added: Sep 26, 2025, 1:19 AM
Updated: Sep 26, 2025, 5:49 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.