PT-2026-33075 · Hewlett Packard · Deskjet 2855E+1
Published
2026-04-15
·
Updated
2026-04-16
·
CVE-2026-4682
CVSS v4.0
8.7
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
HP DeskJet 2800e Series (affected versions not specified)
HP DeskJet 2855e (affected versions not specified)
Description
Certain HP DeskJet All in One devices are subject to remote code execution due to a stack-based buffer overflow. This occurs when the multi-function printer improperly validates and handles specially crafted Web Services for Devices (WSD) scan requests. WSD Scan is a Microsoft Windows-based network scanning protocol that enables a PC to discover scanners and multi-function printers on a network and send scan jobs without needing vendor-specific drivers or utilities.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Deskjet 2800E Series
Deskjet 2855E