Description
Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is accessible without authentication and runs with elevated privileges, amplifying the impact of the vulnerability. An attacker can exploit this condition to access sensitive and privileged files on the system using path traversal payloads. Successful exploitation of this vulnerability could lead to the unauthorized disclosure of internal system information, compromising the confidentiality of the affected environment.
Published: 2026-02-18
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Information Disclosure
Action: Update Service
AI Analysis

Impact

A path‑traversal flaw in the AMR Printer Management 1.01 Beta web service allows an unauthenticated remote attacker to read arbitrary files on the underlying Windows system. Because the service operates with elevated privileges and does not require authentication, the attacker can access sensitive system files, leading to disclosure of confidential internal information. The weakness corresponds to CWE‑22, where an attacker abuses inadequate path verification to reach files outside the intended directory.

Affected Systems

The only affected product listed is the AMR Printer Management Beta web service, version 1.01, running on Windows. No other vendor or product details are provided. The CPE string indicates the specific service and version, confirming that this vulnerability is confined to the AMR 1.01 Beta release.

Risk and Exploitability

The CVSS base score of 8.7 rates the vulnerability as high severity, while the EPSS score of less than 1% indicates a low but non-zero probability of exploitation at present. The advisory notes that the vulnerability is not listed in the CISA KEV catalog. An attacker would simply send a crafted request containing a path traversal payload to the unprotected management endpoint and read arbitrary files, thereby compromising confidentiality. The lack of authentication and the high privilege level of the service increase the potential impact of a successful exploit.

Generated by OpenCVE AI on April 18, 2026 at 11:59 UTC.

Remediation

Vendor Solution

The manufacturer claims to have fixed the vulnerability.


OpenCVE Recommended Actions

  • Apply the vendor‑supplied fix that addresses the directory traversal issue in AMR Printer Management 1.01 Beta.
  • Restrict network access to the management interface by configuring firewalls or network segmentation so that only trusted administrative hosts can reach the service.
  • Implement log monitoring for anomalous file‑access attempts or unusual HTTP requests that include traversal sequences.

Generated by OpenCVE AI on April 18, 2026 at 11:59 UTC.
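
The log-monitoring action above can be sketched as follows. This is an added example, not code from OpenCVE or the vendor: it assumes the management service (or a proxy in front of it) writes Common Log Format style access lines, which the page does not state, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format style entry (assumed log layout).
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# A ".." path segment delimited by "/" or "\" (Windows accepts both separators),
# also when it starts a query-string value after "=".
DOTDOT_RE = re.compile(r'(?:^|[\\/=])\.\.(?:[\\/]|$)')

def normalise(target, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are unwrapped before matching."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def is_traversal(target):
    """True when the decoded request target contains a parent-directory segment."""
    return bool(DOTDOT_RE.search(normalise(target)))

def scan(lines):
    """Return (source, status, raw target) for each request with a traversal segment."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_traversal(m.group("target")):
            hits.append((m.group("src"), int(m.group("status")), m.group("target")))
    return hits

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Feb/2026:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Feb/2026:10:00:05 +0000] "GET /../../example.txt HTTP/1.1" 200 90',
    '198.51.100.7 - - [18/Feb/2026:10:00:06 +0000] "GET /%2e%2e%5c%2e%2e%5cexample.txt HTTP/1.1" 404 0',
    '198.51.100.7 - - [18/Feb/2026:10:00:07 +0000] "GET /%252e%252e%252fexample.txt HTTP/1.1" 200 90',
    '192.0.2.10 - - [18/Feb/2026:10:00:09 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for src, status, target in scan(SAMPLE_LOG):
        # A 200 on a traversal request means content was returned: triage first.
        flag = "SERVED" if status == 200 else "rejected"
        print(f"{src} {flag} {target}")
```

Hits that returned status 200 deserve priority, since they indicate the service answered the request rather than rejecting it.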

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 18 Feb 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is accessible without authentication and runs with elevated privileges, amplifying the impact of the vulnerability. An attacker can exploit this condition to access sensitive and privileged files on the system using path traversal payloads. Successful exploitation of this vulnerability could lead to the unauthorized disclosure of internal system information, compromising the confidentiality of the affected environment. |
| Title | | Directory Traversal in AMR Printer Management by AMR |
| First Time appeared | | Amr; Amr amr Printer Management Beta Web Service |
| Weaknesses | | CWE-22 |
| CPEs | | cpe:2.3:a:amr:amr_printer_management_beta_web_service:1.01:*:*:*:*:*:*:* |
| Vendors & Products | | Amr; Amr amr Printer Management Beta Web Service |
| References | | |
| Metrics | | cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2026-02-18T14:47:38.856Z

Reserved: 2026-02-13T12:10:06.897Z

Link: CVE-2026-2464

Vulnrichment

Updated: 2026-02-18T14:47:30.515Z

NVD

Status: Deferred

Published: 2026-02-18T14:16:07.120

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2464

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T12:00:05Z

Weaknesses