CVE-2026-8233

Description

A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was contacted early about this disclosure.

CVSS Details

CVSS Score

4.6

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Dotouch XproUPF 2.0.0-release-088aa7c4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_vulnerability(target_ip, target_port):
    # Hypothetical endpoint for the UPF component
    url = f"http://{target_ip}:{target_port}/api/upf/protected_resource"
    
    # Simulate a low-privilege user session
    headers = {
        "User-Agent": "Vuln-Scanner/1.0",
        "Authorization": "Bearer low_priv_token_123"
    }

    try:
        # Send request to access restricted function
        response = requests.get(url, headers=headers, timeout=5)
        
        if response.status_code == 200:
            print("[+] Potential Vulnerability Detected!")
            print("[+] Access granted to protected resource without sufficient privileges.")
            return True
        else:
            print("[-] Access denied or endpoint not reachable.")
            return False
            
    except requests.exceptions.RequestException as e:
        print(f"Error connecting to target: {e}")
        return False

if __name__ == "__main__":
    target = "192.168.1.10" # Replace with actual target
    check_vulnerability(target, 8080)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-8233
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-8233
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-8233/
[4] VulDB https://vuldb.com/cve/CVE-2026-8233
[5] https://vuldb.com/submit/808799
[6] https://vuldb.com/vuln/362450
[7] https://vuldb.com/vuln/362450/cti
[8] https://vuldb.com/submit/808799

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-8233", "sourceIdentifier": "[email protected]", "published": "2026-05-10T06:16:08.993", "lastModified": "2026-05-11T18:16:43.940", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was contacted early about this disclosure."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "ADJACENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P", "baseScore": 4.0, "accessVector": "ADJACENT_NETWORK", "accessComplexity": "HIGH", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 2.5, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}]}], "references": [{"url": "https://vuldb.com/submit/808799", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/362450", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/362450/cti", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/808799", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}