Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable but requires an active MITM position (AC:H) and the victim to initiate a transfer (UI:R); no auth needed (PR:N); confidentiality-only impact per the description.
Primary rating from Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd).
CVSS VectorVendor: f98c90f0-e9bd-4fa7-911b-51993f3571fd
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
AnalysisAI
Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from improper SSH host key validation (CWE-295), allowing network-positioned attackers to impersonate legitimate SSH endpoints and harvest credentials or configuration data transmitted by the tool. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:P, VC:H) indicates remote exploitation requiring user interaction with high confidentiality impact but no integrity or availability effects. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) the victim to actively initiate an SSH/SFTP connection from the EOS Network Setting Tool version 1.5.0 or earlier - consistent with the CVSS UI:P (passive user interaction) metric - and (2) the attacker to occupy a network man-in-the-middle position between the camera/tool host and the legitimate destination server (rogue Wi-Fi AP, ARP spoofing on a shared LAN, upstream ISP/router compromise, or DNS hijack). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base of 7.1 reflects a network-reachable, low-complexity issue with confidentiality-only impact (VC:H, VI:N, VA:N) requiring passive user interaction (UI:P) - consistent with a photographer initiating an SFTP transfer over an attacker-controlled network. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the same Wi-Fi network as a photographer (for example, at a press event or hotel) sets up a rogue access point or performs ARP/DNS spoofing and presents an attacker-controlled SSH server when the EOS Network Setting Tool initiates an SFTP image transfer. Because the tool does not properly validate the host key, the session is established with the attacker, who captures the SFTP credentials and any uploaded image data in cleartext from the attacker's perspective. … |
| Remediation | Patch available per vendor advisory - consult Canon PSIRT advisory CP2026-005 (https://psirt.canon/advisory-information/cp2026-005/) and the regional Canon support pages for the exact fixed version of the EOS Network Setting Tool, as the supplied input does not name a specific fixed build. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify and inventory all systems running Canon EOS Network Setting Tool version 1.5.0 or earlier, document their purpose and network location. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Eos Network Setting Tool
View allWeak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent att
Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from an insecure default FTP co
Improper TLS certificate validation in Canon EOS Network Setting Tool version 1.5.0 and earlier allows network-positione
Hard-coded cryptographic keys embedded in Canon EOS Network Setting Tool version 1.5.0 and earlier expose static decrypt
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37018
GHSA-98v4-mv97-2f2x