Unitree Robots BLE Command Injection Vulnerability Allowing Root Access
Vulnerability
A command injection vulnerability has been identified in the Bluetooth Low Energy (BLE) Wi-Fi configuration interface of Unitree robots, specifically the Go2, G1, H1, and B2 models, through the latest firmware available as of September 20, 2025. The vulnerability arises from a combination of hardcoded cryptographic keys, weak authentication, and unsanitized command inputs. Exploitation allows attackers to gain root access to the robot, with the added risk that the compromise spreads to other nearby Unitree robots over Bluetooth.
Impact
Exploitation of this vulnerability allows for complete control over the affected robot, including the execution of arbitrary commands with root privileges. This could lead to unauthorized access to sensitive data, manipulation of the robot's functions, or even physical harm if the robot is equipped with tools or weapons. The vulnerability's wormable nature means that an infected robot can automatically compromise other Unitree robots within Bluetooth range, creating a network of controlled devices.
Reproduction
The vulnerability can be reproduced by sending BLE packets encrypted with the hardcoded AES key and initialization vector. After decrypting the packets, the robot's receive manager dispatches them based on instruction codes. The injection point is the Wi-Fi SSID and password fields: their contents are passed unsanitized into the command that runs when the robot attempts to connect to a Wi-Fi network. This can be automated with a Python-based exploit framework that includes predefined payloads.
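The root cause described above is provisioning code that lets SSID and passphrase bytes reach a command interpreter. The following is an added illustration of the hardened form, not Unitree's code: a hypothetical provisioning handler that validates both fields against 802.11 limits and invokes a (hypothetical) nmcli backend through an argv list, so no shell ever parses user-supplied bytes; it also includes a heuristic a defender can use to log fields that carry shell syntax.

```python
import re
import subprocess
from typing import List, Optional

# 802.11 limits: an SSID is 1..32 octets; a WPA2 passphrase is 8..63 printable ASCII.
SSID_MAX_BYTES = 32
PSK_RE = re.compile(r"^[\x20-\x7e]{8,63}$")
# Characters a POSIX shell interprets. Used only for alerting, not as the fix:
# the fix is never building a command string from these fields at all.
SHELL_META = set(";|&$`\\<>(){}\n\r")


def validate_credentials(ssid: str, psk: str) -> Optional[str]:
    """Return None if the pair is acceptable, otherwise a short reason string."""
    raw = ssid.encode("utf-8")
    if not 1 <= len(raw) <= SSID_MAX_BYTES:
        return "ssid length out of range"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in ssid):
        return "ssid contains control characters"
    if not PSK_RE.fullmatch(psk):
        return "psk must be 8..63 printable ASCII characters"
    return None


def looks_like_injection(field: str) -> bool:
    """Heuristic for logging/alerting: a Wi-Fi field carrying shell syntax is worth
    recording even though the argv path below cannot execute it."""
    return any(c in SHELL_META for c in field)


def build_connect_argv(ssid: str, psk: str) -> List[str]:
    """Build an argv list for a hypothetical nmcli backend. Each field becomes
    exactly one argument; nothing is concatenated into a command string."""
    reason = validate_credentials(ssid, psk)
    if reason is not None:
        raise ValueError(reason)
    return ["nmcli", "device", "wifi", "connect", ssid, "password", psk]


def connect(ssid: str, psk: str) -> int:
    """Run the connect command without a shell and return its exit status.
    The weak pattern this replaces is interpolating the two fields into a
    single string handed to os.system() or subprocess with shell=True."""
    argv = build_connect_argv(ssid, psk)
    return subprocess.run(argv, check=False).returncode
```

The length and character checks are a second line of defence; the property that actually closes the injection is that the SSID and passphrase are passed as discrete arguments rather than parsed by a shell.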