Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Cleartext FTP is observable on the network and the attacker needs no authentication, but the victim must actually perform an FTP upload (UI:P); only the confidentiality of credentials and images is impacted.
Primary rating from Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd).
Description (CVE.org)
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Analysis (AI)
Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from an insecure default FTP configuration that transmits credentials and image data in cleartext over the network. Remote attackers positioned on the network path can intercept the unencrypted FTP traffic to capture authentication material and uploaded photographs. …
Vulnerability Assessment (AI)
| Exploitation | Exploitation requires the victim to actively use the FTP upload feature configured by Canon EOS Network Setting Tool 1.5.0 or earlier with its default (plaintext FTP) protocol selection; this maps to the UI:P (passive user interaction) component of the CVSS vector. … |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N) describes a network-reachable, low-complexity, unauthenticated flaw with high confidentiality impact and no integrity or availability impact, requiring passive user interaction (the photographer actually using the FTP upload feature). … |
| Exploit Scenario | A photographer at a press event uses Canon EOS Network Setting Tool defaults to upload images via FTP to a publishing server over conference Wi-Fi. An attacker on the same wireless segment runs a passive sniffer (e.g., Wireshark with an ftp filter) and captures the FTP USER/PASS exchange in cleartext together with the JPEG payloads, gaining both server credentials and embargoed imagery without any active exploitation of the camera or tool. |
| Remediation | Patch status is ambiguous: the available data gives no exact fix version, so treat this as 'patch available per vendor advisory' and consult Canon PSIRT advisory CP2026-005 (https://psirt.canon/advisory-information/cp2026-005/) along with the regional Canon support pages for an updated version of the EOS Network Setting Tool and instructions. … |
Recommended Action (AI)
Within 24 hours: Inventory all Canon EOS Network Setting Tool 1.5.0 and earlier installations; restrict usage to air-gapped networks only. …
More in EOS Network Setting Tool
- Weak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent att…
- Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from improper SSH host key vali…
- Improper TLS certificate validation in Canon EOS Network Setting Tool version 1.5.0 and earlier allows network-positione…
- Hard-coded cryptographic keys embedded in Canon EOS Network Setting Tool version 1.5.0 and earlier expose static decrypt…
EUVD-2026-37022
GHSA-hpfm-h576-jwmh