Add CVE-2022-2675, Unitree Robotics (#57)

2025-08-04 08:44:25 +00:00 · 2022-08-05 11:55:45 -05:00 · 2022-08-05 11:55:45 -05:00 · 0c30e2f1f5
commit 0c30e2f1f5
parent d83437c991
1 changed files with 100 additions and 16 deletions
--- a/2022/2xxx/CVE-2022-2675.json
+++ b/2022/2xxx/CVE-2022-2675.json
@ -1,18 +1,102 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-2675",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "Vulnogram 0.0.9"
+  },
+  "CVE_data_meta": {
+    "ID": "CVE-2022-2675",
+    "ASSIGNER": "cve@rapid7.com",
+    "DATE_PUBLIC": "2022-08-04T22:54:00.000Z",
+    "TITLE": "Unitree Go 1 \"Robot Dog\" Unauthenticated Remote Power Down",
+    "AKA": "",
+    "STATE": "PUBLIC"
+  },
+  "source": {
+    "defect": [],
+    "advisory": "",
+    "discovery": "EXTERNAL"
+  },
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "Unitree",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Go 1",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "0.1.35",
+                      "version_affected": "<=",
+                      "version_value": "0.1.35",
+                      "platform": "H0.1.7"
+                    },
+                    {
+                      "version_name": "0.1.35",
+                      "version_affected": "<",
+                      "version_value": "0.1.35",
+                      "platform": "H0.1.9"
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
    }
-}
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "CWE-285 Improper Authorization"
+          }
+        ]
+      }
+    ]
+  },
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1."
+      }
+    ]
+  },
+  "references": {
+    "reference_data": [
+      {
+        "refsource": "MISC",
+        "url": "https://twitter.com/d0tslash/status/1555326302462394370",
+        "name": "https://twitter.com/d0tslash/status/1555326302462394370"
+      },
+      {
+        "refsource": "MISC",
+        "url": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729",
+        "name": "https://fccid.io/2A5PE-YUSHU001/Users-Manual/User-Manual-5810729"
+      },
+      {
+        "refsource": "MISC",
+        "url": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf",
+        "name": "https://www.mybotshop.de/Datasheet/Unitree_A1_User_Manual_v1.0.pdf"
+      }
+    ]
+  },
+  "configuration": [],
+  "exploit": [],
+  "work_around": [],
+  "solution": [],
+  "credit": [
+    {
+      "lang": "eng",
+      "value": "Discovered and reported by security researcher Kevin Finisterre"
+    }
+  ]
+}