Description
A vulnerability was identified in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. The manipulation leads to improper access controls. The attack requires a high degree of complexity. Exploitation is reported to be difficult. The vendor was contacted early about this disclosure.
Published: 2026-05-10
Score: 2.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper access control flaw in an unknown function of the UPF component within Dotouch XproUPF. It allows a manipulated input to bypass intended permission boundaries, potentially granting an attacker unauthorized access to protected resources or configuration data. The weakness corresponds to authorization bypass (CWE-266) and general improper access control (CWE-284).

Affected Systems

Only the 2.0.0-release-088aa7c4 build of Dotouch XproUPF is listed as affected. No other vendor versions are documented. The flaw resides in the UPF module, which is part of the network processing stack; therefore the impact is confined to systems running that specific build.

Risk and Exploitability

The CVSS score of 2.1 signals low severity, and no EPSS value is available, indicating limited known exploitation activity. The description notes high attack complexity and that exploitation is difficult. Although the exact attack vector is not supplied, it is reasonable to infer that the flaw would be exploited through remote or local manipulation of the UPF component’s management interface, requiring privileged access to the affected function. The flaw is not listed in the CISA KEV catalog, which further suggests that the risk of widespread compromise is low, but the presence of improper access controls remains a concern for systems relying on strict privilege separation.

Generated by OpenCVE AI on May 10, 2026 at 07:50 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch for Dotouch XproUPF when it becomes available to fix the access‑control flaw.
  • Limit exposure of the UPF component by restricting its management interface to trusted networks and applying firewall or ACL rules.
  • Continuously monitor the UPF logs for anomalous access attempts and investigate any unauthorized activity.

Advisories

No advisories yet.

History

Sun, 10 May 2026 06:00:00 +0000

Values Added (no Values Removed shown), by Type:

  • Description: A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was contacted early about this disclosure.
  • Title: Dotouch XproUPF access control
  • Weaknesses: CWE-266, CWE-284
  • References:
  • Metrics:
      cvssV2_0: {'score': 4, 'vector': 'AV:A/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:ND'}
      cvssV3_0: {'score': 4.6, 'vector': 'CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'}
      cvssV3_1: {'score': 4.6, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'}
      cvssV4_0: {'score': 2.1, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T05:30:13.586Z

Reserved: 2026-05-09T09:29:36.661Z

Link: CVE-2026-8233

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-10T06:16:08.993

Modified: 2026-05-10T06:16:08.993

Link: CVE-2026-8233

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-10T08:00:08Z

Weaknesses