CVE-2025-2894

MEDIUM Year: 2025
CVSS v3 Score
6.6
Medium
Weakness Type
CWE-912
View all →

Vulnerability Description

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.

Related Vulnerabilities

CVE-2023-4467

MEDIUM
CVSS:6.6(Medium)

A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to...

CWE-9122023

CVE-2018-17919

MEDIUM
CVSS:6.5(Medium)

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/...

CWE-9122018

CVE-2023-22316

MEDIUM
CVSS:6.5(Medium)

Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH service...

CWE-9122023

CVE-2024-37990

HIGH
CVSS:6.5(Medium)

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF6...

CWE-9122024

CVE-2021-25371

MEDIUM
CVSS:6.7(Medium)

A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.

CWE-9122021

CVE-2022-1741

MEDIUM
CVSS:6.8(Medium)

The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious c...

CWE-9122022