CVE-2026-27509, CVE-2026-27510
CVSS 9.8 CRITICAL
The vulnerabilities are rated CRITICAL because they allow remote code execution without authentication, leading to complete system compromise. Real-world exploitability is high: no user interaction is required and the attack vector is network packets.

Unitree robots are vulnerable to Remote Code Execution (RCE) via DDS packets, allowing attackers to execute arbitrary code and take control of the robot. This affects users who operate Unitree robots in environments where network security is compromised.

Affected Systems
  • Unitree Robots
Affected Versions: all versions before firmware update 2.4.1
Remediation
  • Apply firmware update to version 2.4.1 or later from official Unitree channels.
  • Review and restrict network access to the robot's DDS communication ports.
  • Implement strict firewall rules to block unauthorized access to the robot.
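One way to turn the two network-restriction items above into a concrete ruleset, as an added example that is not taken from the advisory or from Unitree. It assumes the default RTPS (DDS wire protocol) UDP port mapping, DDS domain 0, nftables on the Linux host being protected, and a placeholder trusted subnet (192.0.2.0/24) that must be replaced with the network the robot's own controllers use.

```shell
#!/bin/sh
# Added example: derive the default RTPS/DDS UDP port range for a DDS domain
# and print an nftables ruleset that admits it only from a trusted subnet.
# Assumptions (not from the advisory): default RTPS port mapping, domain 0,
# participant IDs 0..119, trusted subnet 192.0.2.0/24 (documentation range).

# Default port parameters from the OMG DDSI-RTPS specification.
PB=7400; DG=250; PG=2; D0=0; D1=10; D2=1; D3=11

# Lowest port of a domain: the discovery multicast port.
dds_port_min() { echo $(( PB + DG * $1 + D0 )); }

# Highest port of a domain: user unicast port of the last participant ID.
dds_port_max() { echo $(( PB + DG * $1 + D3 + PG * ($2 - 1) )); }

# Print the ruleset: args are domain id, participant count, trusted CIDR.
dds_nft_rules() {
    lo=$(dds_port_min "$1")
    hi=$(dds_port_max "$1" "$2")
    cat <<EOF
table inet dds_guard {
  chain input {
    type filter hook input priority 0; policy accept;
    iif "lo" accept
    ip saddr $3 udp dport $lo-$hi accept
    udp dport $lo-$hi drop
  }
}
EOF
}

# Constructed sample invocation: domain 0, 120 participants, placeholder subnet.
dds_nft_rules 0 120 192.0.2.0/24
```

Save the output to a file and validate it with `nft -c -f <file>` before loading it. A deployment that uses a non-default DDS domain or custom port settings needs the range recomputed.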
Stack Impact

This impacts specific configurations of robots running vulnerable firmware versions, but does not affect standard homelab components like nginx or docker directly.
