
Canon EOS Network Setting Tool CVE-2026-9258

EUVD: EUVD-2026-37018 · HIGH
Improper Certificate Validation (CWE-295)
2026-06-16 · f98c90f0-e9bd-4fa7-911b-51993f3571fd · GHSA-98v4-mv97-2f2x
7.1 (CVSS 4.0) · Vendor: f98c90f0-e9bd-4fa7-911b-51993f3571fd

Severity by source

Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-reachable but requires an active MITM position (AC:H) and the victim to initiate a transfer (UI:R); no auth needed (PR:N); confidentiality-only impact per the description.

CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 4.0: AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd).

CVSS Vector (Vendor: f98c90f0-e9bd-4fa7-911b-51993f3571fd)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Passive (P)
Scope: Not defined (X)

Lifecycle Timeline

1. Analysis Generated: Jun 16, 2026 - 00:27 (vuln.today)

Description (CVE.org)

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Analysis (AI)

Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from improper SSH host key validation (CWE-295), allowing network-positioned attackers to impersonate legitimate SSH endpoints and harvest credentials or configuration data transmitted by the tool. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:P, VC:H) indicates remote exploitation requiring user interaction with high confidentiality impact but no integrity or availability effects. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Position on victim Wi-Fi or LAN
Delivery: Spoof destination SFTP server
Exploit: Victim launches EOS Network Setting Tool transfer
Execution: Tool accepts rogue host key without validation
Persist: Capture SFTP credentials and image stream
Impact: Relay to real server to avoid detection

Vulnerability Assessment (AI)

Exploitation: Exploitation requires (1) the victim to actively initiate an SSH/SFTP connection from the EOS Network Setting Tool version 1.5.0 or earlier - consistent with the CVSS UI:P (passive user interaction) metric - and (2) the attacker to occupy a network man-in-the-middle position between the camera/tool host and the legitimate destination server (rogue Wi-Fi AP, ARP spoofing on a shared LAN, upstream ISP/router compromise, or DNS hijack). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 base of 7.1 reflects a network-reachable, low-complexity issue with confidentiality-only impact (VC:H, VI:N, VA:N) requiring passive user interaction (UI:P) - consistent with a photographer initiating an SFTP transfer over an attacker-controlled network. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker on the same Wi-Fi network as a photographer (for example, at a press event or hotel) sets up a rogue access point or performs ARP/DNS spoofing and presents an attacker-controlled SSH server when the EOS Network Setting Tool initiates an SFTP image transfer. Because the tool does not properly validate the host key, the session is established with the attacker, who captures the SFTP credentials and any uploaded image data in cleartext from the attacker's perspective. …

Remediation: Patch available per vendor advisory - consult Canon PSIRT advisory CP2026-005 (https://psirt.canon/advisory-information/cp2026-005/) and the regional Canon support pages for the exact fixed version of the EOS Network Setting Tool, as the supplied input does not name a specific fixed build. … Detailed patch versions, workarounds, and compensating controls in full report.
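The check the assessment describes as missing is host-key pinning against a known_hosts record. The following Python routine is an added example written for this page, not code from Canon or the EOS Network Setting Tool: it encodes a constructed ed25519 key as an SSH public-key wire blob, pins it in a known_hosts-style entry, and classifies the key a server presents as match, mismatch (the MITM case) or unknown (first contact, which must not be silently trusted). The host name sftp.example.test and both key values are constructed placeholders.

```python
import base64
import hashlib
import hmac


def ssh_key_blob(key_type: str, raw_key: bytes) -> bytes:
    """Encode a public key as the SSH wire blob: string(type) || string(key)."""
    def ssh_string(b: bytes) -> bytes:
        return len(b).to_bytes(4, "big") + b
    return ssh_string(key_type.encode()) + ssh_string(raw_key)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint, for out-of-band comparison by the operator."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host_key(known_hosts: str, host: str, key_type: str, presented: bytes) -> str:
    """Decide what to do with the key a server presented during key exchange.

    'match'    -> a pinned key for this host matches: continue the session
    'mismatch' -> pinned key differs: abort the connection (possible MITM)
    'unknown'  -> nothing pinned yet: require explicit operator confirmation
    """
    pinned = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if host in fields[0].split(",") and fields[1] == key_type:
            pinned.append(base64.b64decode(fields[2]))
    if any(hmac.compare_digest(p, presented) for p in pinned):
        return "match"
    return "mismatch" if pinned else "unknown"


# Constructed sample keys (not real server keys): the legitimate SFTP server's
# key pinned at setup time, and a different key a rogue server would present.
LEGIT_BLOB = ssh_key_blob("ssh-ed25519", b"\x11" * 32)
ROGUE_BLOB = ssh_key_blob("ssh-ed25519", bytes(range(32)))
KNOWN_HOSTS = "sftp.example.test ssh-ed25519 " + base64.b64encode(LEGIT_BLOB).decode() + "\n"

if __name__ == "__main__":
    print(fingerprint(LEGIT_BLOB))
    print(verify_host_key(KNOWN_HOSTS, "sftp.example.test", "ssh-ed25519", LEGIT_BLOB))  # match
    print(verify_host_key(KNOWN_HOSTS, "sftp.example.test", "ssh-ed25519", ROGUE_BLOB))  # mismatch
```

A client that treats 'unknown' and 'mismatch' the same as 'match' is the weak behaviour the advisory describes; only 'match' should let the SFTP transfer proceed.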

Recommended Action (AI)

24 hours: Identify and inventory all systems running Canon EOS Network Setting Tool version 1.5.0 or earlier, and document their purpose and network location. …


