PT-2026-55961 · Hewlett Packard · Deskjet 2800 Series Printers
Nguyá N TiáºN Då©Ng
·
Published
2026-07-06
·
Updated
2026-07-06
·
CVE-2026-13753
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
HP Deskjet 2800 Series Printers versions prior to TBP1CN2612AR
Description
A missing authorization flaw exists in the embedded webserver. An unauthenticated attacker with network access can bypass administrative controls by sending GET requests to multiple exposed administrative API endpoints. This allows the retrieval of sensitive configuration data, including plaintext Wi-Fi Direct credentials, unique device identity information such as serial numbers and service IDs, and other administrative security state details. While the web interface requires administrator credentials to view these pages, the backend API endpoints fail to validate session state or authentication.
Recommendations
Update the firmware to a version newer than TBP1CN2612AR.
Restrict printer network access to trusted internal segments.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Deskjet 2800 Series Printers