CVE-2026-13753
HP · HP 2800 Printer Series
A missing authorization vulnerability in the embedded webserver of HP 2800 Series Printers permits unauthenticated access to sensitive configuration or status data.
Executive summary
An unauthenticated authorization bypass in the embedded webserver of HP 2800 Series Printers allows potential unauthorized access to device functions.
Vulnerability
The embedded webserver fails to perform proper authorization checks (CWE-862), allowing an unauthenticated attacker to interact with the device interface over the network.
Business impact
With a CVSS score of 7.5, this vulnerability represents a high risk to information confidentiality. Unauthorized access to the printer's web interface may allow an attacker to view sensitive configuration details, modify network settings, or intercept print jobs, potentially leading to data leakage or denial of service within the office environment.
Remediation
Immediate Action: Check the official HP support portal for the latest firmware release beyond version TBP1CN2612AR and apply it to all affected units.
Proactive Monitoring: Review device access logs for unauthorized connections and monitor for unexpected changes to printer configurations or network settings.
Compensating Controls: Isolate printer management interfaces on a restricted VLAN and deploy firewall rules to ensure the webserver is only accessible to authorized administrative IP addresses.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability is highly automatable, increasing the risk of discovery by opportunistic attackers. Organizations should ensure these devices are not exposed to the public internet and should prioritize firmware updates as soon as they become available from the vendor.