CVE-2025-60017 | Unitree Go2/G1/H1/B2 up to 2025-09-20 hostapd_restart.sh restart_wifi_ap/restart_wifi_sta wifi_ssid/wifi_pass os command injection

A vulnerability, which was classified as critical, has been found in Unitree Go2, G1, H1 and B2 up to 2025-09-20. Impacted is the function restart_wifi_ap/restart_wifi_sta of the file hostapd_restart.sh. Performing manipulation of the argument wifi_ssid/wifi_pass results in os command injection.

This vulnerability is known as CVE-2025-60017. Access to the local network is required for this attack. No exploit is available.VulDB Recent EntriesRead More