- CVE: CVE-2026-13753
- CVSS: 7.5 (High · CVSSv3)
- Product: HP Inc. HP 2800 Printer Series
- Affected: ≤ TBP1CN2612AR.
- Impact: CVE-2026-13753
- Status: No confirmed exploitation yet
- EPSS: 0.3% (30-day)
- Action: See vendor advisory
TL;DR
Security researchers discovered an HP Deskjet missing authorization vulnerability in the 2800 printer series. This flaw, tracked as 13753, exposes sensitive device configuration data to unauthenticated attackers. Currently, researchers have not confirmed any active exploitation or public proof-of-concept code.
Why It Matters
Modern printers connect directly to corporate and home networks. This HP Deskjet missing authorization flaw leaks highly sensitive data. Exposed information includes Wi-Fi Direct credentials, plaintext passphrases, and SNMP configuration details. An attacker could use this data to gain unauthorized wireless access. They could also map out network integrations or impersonate the printer. This creates a direct path for further network compromise.
How the Attack Works
The printer web interface correctly demands administrator credentials for standard browser access. However, the backend API layer fails to validate session states. An attacker sends direct, unauthenticated GET requests to specific API endpoints. The device then responds with sensitive administrative configuration data. This bypasses the intended web interface security entirely.
Affected Versions
The vulnerability impacts HP Deskjet 2800 Series printers. Specifically, it affects devices running firmware version TBP1CN2612AR and earlier.
Patch or Mitigation Steps
HP has not yet released a firmware patch. Users must rely on immediate network mitigations to stay safe. Read the official security advisory for detailed tracking and updates. Isolate the printer on a trusted network segment. Disable Wi-Fi Direct if you do not actively use it. Limit SNMP access strictly to trusted management systems, or disable it completely. Finally, use firewall rules to block untrusted hosts from reaching the printer management ports.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.