{"vuid":"VU#828543","idnumber":"828543","name":"HP Deskjet 2800 Printer Series Webservers contain Missing Authorization Vulnerability","keywords":null,"overview":"### Overview\r\nHP Printers in the Deskjet 2800 Series running firmware version <=TBP1CN2612AR contain a missing authorization vulnerability tracked as [CVE-2026-13753](https://www.cve.org/CVERecord?id=CVE-2026-13753). This vulnerability allows unauthenticated access to the printer's webserver API endpoints, exposing Wi-Fi credentials, management configuration details, and sensitive security data normally restricted to administrative users.\r\n\r\n### Description\r\nModern HP printers provide a web-based management interface for configuring content such as Wi-Fi Direct settings, SNMP management access, and device security options. When accessed normally through the browser interface, these pages explicitly require administrator credentials before sensitive information is displayed. This information is protected because, for example, Wi-Fi Direct controls the printer's direct wireless connectivity, and SNMP configuration settings can reveal detailed information about the device's monitoring and management controls.\r\n\r\nIn affected firmware versions, the authorization requirement can be bypassed by sending direct, unauthenticated GET requests to multiple backend API endpoints. The affected endpoints return administrative configuration data without validating session state or authentication, including the Wi-Fi Direct SSID and plaintext passphrase, unique printer serial numbers and service IDs, and details about the device's administrative password state. This information is freely disclosed even though the corresponding web interface pages correctly enforce authentication, indicating an authorization flaw in the API layer.\r\n\r\n### Impact\r\nA remote attacker with network access to the printer can bypass the web interface's authentication requirements and retrieve sensitive configuration data directly from backend APIs. Exposed information includes Wi-Fi Direct credentials, SNMP configuration details, device identity information, cloud service registration metadata, and other information involving the device's administrative security state. An attacker could use this information to gain unauthorized wireless access, perform reconnaissance on network or cloud integrations, impersonate the device, or facilitate further compromise of the printing environment.\r\n\r\n### Solution\r\nUnfortunately, we were unable to reach HP to coordinate this vulnerability, so a firmware patch is not yet available. To limit the risk of this vulnerability, users should restrict network access to the printer's web interface by placing the device on a trusted or isolated network segment, disable Wi‑Fi Direct if it is not required, and limit SNMP access to trusted systems or disable it entirely. Firewall or access-control list (ACL) rules should be used to prevent untrusted hosts from reaching the printer's management ports, and discovery or cloud service features that are not needed should be disabled. \r\n\r\n### Acknowledgements\r\nThanks to Nguyễn Tiến Dũng for researching and reporting this vulnerability. This document was written by Molly Jaconski.","clean_desc":null,"impact":null,"resolution":null,"workarounds":null,"sysaffected":null,"thanks":null,"author":null,"public":[],"cveids":["CVE-2026-13753"],"certadvisory":null,"uscerttechnicalalert":null,"datecreated":"2026-07-06T17:59:25.568360Z","publicdate":"2026-07-06T17:59:25.439487Z","datefirstpublished":"2026-07-06T17:59:25.586162Z","dateupdated":"2026-07-06T18:01:30.646871Z","revision":2,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":null,"cvss_basevector":null,"cvss_temporalscore":null,"cvss_environmentalscore":null,"cvss_environmentalvector":null,"metric":null,"vulnote":211}