Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network MITM with on-path attacker raises AC:H; victim must launch the tool (UI:R); only confidentiality of TLS traffic is impacted, so I:N and A:N.
Primary rating from Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd).
Description (CVE.org)
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Analysis (AI)
Improper TLS certificate validation in Canon EOS Network Setting Tool version 1.5.0 and earlier allows network-positioned attackers to intercept communications between the tool and Canon servers via man-in-the-middle attacks. The flaw enables disclosure of sensitive information transmitted during camera network configuration, though no public exploit was identified at the time of analysis. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Attacker must hold an on-path network position between the victim host running EOS Network Setting Tool 1.5.0 or earlier and the remote TLS endpoint (Canon backend or user-configured upload server). … |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N) shows a network-reachable, low-complexity, unauthenticated attack but with passive user interaction required and only confidentiality impact - no integrity or availability damage. … |
| Exploit Scenario | A photographer joins a conference or hotel Wi-Fi and launches the EOS Network Setting Tool to register a new FTP upload destination or web service. An attacker on the same network performs ARP spoofing and presents a forged TLS certificate to the tool, which fails to validate it and proceeds - letting the attacker observe credentials, account tokens, or configuration data transmitted to Canon's image.canon or registered upload endpoints. |
| Remediation | Patch available per vendor advisory - Canon PSIRT advisory CP2026-005 directs users to upgrade the EOS Network Setting Tool to a release later than 1.5.0; the exact fixed version is not enumerated in the provided data, so consult https://psirt.canon/advisory-information/cp2026-005/ and the regional pages (canon.jp, usa.canon.com, canon-europe.com) for the current download. … |
Recommended Action (AI)
Within 24 hours: Inventory all systems running Canon EOS Network Setting Tool version 1.5.0 and earlier, prioritizing production camera management networks. …
EUVD-2026-37019
GHSA-v5vr-c46f-3vhm