Canon EOS Network Setting Tool (EUVD-2026-37019)

CVE-2026-9259 HIGH
Improper Certificate Validation (CWE-295)
2026-06-16 f98c90f0-e9bd-4fa7-911b-51993f3571fd GHSA-v5vr-c46f-3vhm
7.1
CVSS 4.0 · Vendor: f98c90f0-e9bd-4fa7-911b-51993f3571fd

Severity by source

Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network MITM with on-path attacker raises AC:H; victim must launch the tool (UI:R); only confidentiality of TLS traffic is impacted, so I:N and A:N.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd).

CVSS Vector (Vendor: f98c90f0-e9bd-4fa7-911b-51993f3571fd)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: P
Scope: X

Lifecycle Timeline

Analysis Generated: Jun 16, 2026 - 00:27 (vuln.today)

Description (CVE.org)

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Analysis (AI)

Improper TLS certificate validation in Canon EOS Network Setting Tool version 1.5.0 and earlier allows network-positioned attackers to intercept communications between the tool and Canon servers via man-in-the-middle attacks. The flaw enables disclosure of sensitive information transmitted during camera network configuration, though no public exploit was identified at the time of analysis. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Position on victim's network path
Delivery: Wait for tool launch
Exploit: Intercept TLS handshake with forged certificate
Execution: Tool accepts invalid certificate
Persist: Decrypt and capture configuration traffic
Impact: Harvest credentials and upload tokens

Vulnerability Assessment (AI)

Exploitation: Attacker must hold an on-path network position between the victim host running EOS Network Setting Tool 1.5.0 or earlier and the remote TLS endpoint (Canon backend or user-configured upload server). …

Risk Assessment: The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N) shows a network-reachable, low-complexity, unauthenticated attack but with passive user interaction required and only confidentiality impact - no integrity or availability damage. …

Exploit Scenario: A photographer joins a conference or hotel Wi-Fi and launches the EOS Network Setting Tool to register a new FTP upload destination or web service. An attacker on the same network performs ARP spoofing and presents a forged TLS certificate to the tool, which fails to validate it and proceeds - letting the attacker observe credentials, account tokens, or configuration data transmitted to Canon's image.canon or registered upload endpoints.

Remediation: Patch available per vendor advisory - Canon PSIRT advisory CP2026-005 directs users to upgrade the EOS Network Setting Tool to a release later than 1.5.0; the exact fixed version is not enumerated in the provided data, so consult https://psirt.canon/advisory-information/cp2026-005/ and the regional pages (canon.jp, usa.canon.com, canon-europe.com) for the current download. …
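
What "fails to validate" means in terms of client settings, as an added illustration of CWE-295 using Python's ssl module. It is not Canon's code, the page does not describe how the tool is implemented, and all function names here are assumptions made for the example.

```python
import ssl


def audit_client_context(ctx):
    """Return the certificate-validation gaps (CWE-295) in a client TLS context."""
    findings = []
    # CERT_NONE: the peer certificate chain is never checked against a trust store.
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("no-chain-validation")
    # Without the hostname check, any certificate that chains to a trusted CA is
    # accepted, even when it was issued for a different host.
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    return findings


def weak_context():
    """Client context that accepts any certificate, including a forged one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE can be set
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    """Validates the chain but not the name: still a CWE-295 gap."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def hardened_context():
    """Library defaults: chain validation plus hostname verification."""
    return ssl.create_default_context()


if __name__ == "__main__":
    for build in (weak_context, chain_only_context, hardened_context):
        print(build.__name__, audit_client_context(build()))
```

The same two properties (chain validation and hostname verification) are what to confirm in any TLS client, whatever library it uses.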

Recommended Action (AI)

Within 24 hours: Inventory all systems running Canon EOS Network Setting Tool version 1.5.0 and earlier, prioritizing production camera management networks. …
