The host is installed with PaperCut NG before 20.1.10, 21.x before 21.2.14, 22.x before 22.1.5, or 23.x before 23.0.7 and is prone to an incorrect authorization controls vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to leverage this vulnerability to enumerate some information from the embedded device APIs.