Unauthorized Access Vulnerability in HP Deskjet 2800 Printers Exposed

Unauthorized Access Vulnerability in HP Deskjet 2800 Printers Exposed

First seen 7 Jul 2026, 06:50 UTC Kb.CertFeedlyvulnerability.circl.ludb.gcve.euvulners.com+2 92% similarity 67.5

Article Content

Browse articles
ThreatCluster

HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR have a missing authorization vulnerability (CVE-2026-13753) that allows unauthenticated access to sensitive webserver API endpoints. Attackers can exploit this flaw to retrieve plaintext Wi-Fi Direct credentials, device identity information, and other administrative data. The vulnerability arises from a lack of authentication checks on backend API endpoints, which normally require admin credentials through the web interface. As of now, there is no available firmware patch from HP, and users are advised to restrict network access and disable unnecessary features to mitigate risks. The vulnerability was reported by researcher Nguyễn Tiến Dũng. The CVSS base score assigned to this vulnerability is 7.5, indicating a high severity level.

Key Points: • HP Deskjet 2800 Printers are vulnerable to CVE-2026-13753 due to missing authorization checks. • Attackers can access sensitive configuration data, including Wi-Fi credentials, without authentication. • No firmware patch is available; users should restrict network access to mitigate risks.

ThreatCluster AI

Timeline

2026-07-06
CVE-2026-13753 published
HP Deskjet 2800 Series Printers were found to have a missing authorization vulnerability affecting firmware version <=TBP1CN2612AR.
Kb.Cert
2026-07-06
Vulnerability details disclosed
The vulnerability allows unauthenticated access to sensitive API endpoints, exposing critical configuration data.
Feedly

Community

Browse all →