Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Unauthenticated network GET (AV:N/AC:L/PR:N/UI:N) leaks Wi‑Fi credentials and device identity giving C:H; no write or availability impact makes I:N/A:N with unchanged scope.
Primary rating from Vendor (certcc).
CVSS VectorVendor: certcc
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi‑Fi Direct credentials, unique device identity information, and other administrative security state details. When accessed through the web interface, these setting pages explicitly require administrator credentials before sensitive information is displayed.
AnalysisAI
Information disclosure in HP Deskjet 2800 Series printers running firmware TBP1CN2612AR or earlier lets an unauthenticated attacker on the network read sensitive configuration - including plaintext Wi‑Fi Direct credentials, device identity, and administrative security state - by sending plain GET requests to administrative API endpoints. The same data is gated behind administrator login in the web UI, so these API endpoints bypass the product's own access-control model. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires only network reachability to the HP Deskjet 2800's embedded webserver and the ability to issue plain HTTP GET requests to its administrative API endpoints - no credentials, no user interaction, and default configuration are sufficient (AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5, High) is internally consistent with the description: a fully unauthenticated, low-complexity, network-reachable read of confidential data with no integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who joins the same LAN or the printer's Wi‑Fi Direct network - for example a guest on an office or home Wi‑Fi - sends unauthenticated GET requests to the printer's administrative API endpoints and receives its Wi‑Fi Direct passphrase and device identity in plaintext. With those credentials the attacker connects to the device and pivots toward further network reconnaissance. … |
| Remediation | No vendor-released patch version is identified in the available data; the input specifies only the vulnerable ceiling (TBP1CN2612AR and earlier) with no fixed build, so consult the CERT/CC note at https://kb.cert.org/vuls/id/828543 and HP support for a firmware update and apply it once released. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all HP Deskjet 2800 Series printers on your network and confirm firmware versions; segregate affected units to a dedicated management VLAN with restricted access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41895
GHSA-mmv4-jxh6-w9r5