A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi‑Fi Direct credentials, unique device identity information, and other administrative security state details. When accessed through the web interface, these setting pages explicitly require administrator credentials before sensitive information is displayed.
References
Configurations
No configuration.
History
06 Jul 2026, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
06 Jul 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-06 19:16
Updated : 2026-07-06 20:16
NVD link : CVE-2026-13753
Mitre link : CVE-2026-13753
CVE.ORG link : CVE-2026-13753
JSON object : View
Products Affected
No product.
CWE
No CWE.
