Vulnerability Management

HP DeskJet 2800 series printers vulnerable to sensitive data exposure

(Adobe Stock)

HP DeskJet 2800 series printers are susceptible to a newly identified vulnerability, CVE-2026-13753, which allows unauthorized access to sensitive configuration data over a local network. The flaw affects devices running specific firmware versions, and no immediate fix is available, as reported by Cyber Insider.

The vulnerability, disclosed by the CERT Coordination Center (CERT/CC), stems from a lack of authorization checks in the printer's embedded web server. This allows unauthenticated requests to backend API endpoints that should be protected. Attackers on the same network can exploit this to retrieve critical information, including Wi-Fi Direct credentials, SNMP configuration, serial numbers, and administrative security settings. This data could be leveraged for unauthorized network access, reconnaissance, or further attacks.

CERT/CC was unable to coordinate the disclosure with HP, meaning a firmware update is not yet available. Until a patch is released, users are advised to limit access to the printer's web interface, place it on an isolated network, disable Wi-Fi Direct and SNMP if not necessary, and use firewall rules to restrict access. Disabling unused discovery and cloud services is also recommended.

Source: Cyber Insider

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds