VU#828543: HP Deskjet 2800 Pri... Note

VU#828543: HP Deskjet 2800 Printer Series Webservers contain Missing Authorization Vulnerability

HP Deskjet 2800 Series printers with firmware version TBP1CN2612AR or earlier have a critical authorization vulnerability. This flaw, tracked as CVE-2026-13753, allows unauthenticated access to the printer's web server API. Attackers can bypass normally required administrator credentials to obtain sensitive data. This exposed information includes Wi-Fi Direct credentials, management configuration details, and security-related data. The affected API endpoints do not validate session state or authentication before disclosing this information. Directly requesting data from these backend APIs bypasses the web interface's security measures. Exposed data could enable unauthorized wireless access and further network compromise. Unfortunately, HP has not yet released a firmware patch for this vulnerability. Users are advised to restrict network access to the printer's web interface and disable unnecessary features like Wi-Fi Direct and SNMP. Implementing firewall rules and access control lists is also recommended to mitigate risks.