
EOS Network Tool: EUVD-2026-37020 | CVE-2026-9260 MEDIUM
Use of Hard-coded Cryptographic Key (CWE-321)
2026-06-16 f98c90f0-e9bd-4fa7-911b-51993f3571fd GHSA-q354-79q7-wx65
6.9
CVSS 4.0 · Vendor: f98c90f0-e9bd-4fa7-911b-51993f3571fd

Severity by source

Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd) PRIMARY: 6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 6.2 MEDIUM
Hard-coded key resides in a locally accessible binary readable by any user, yielding high confidentiality loss with no integrity or availability impact.
CVSS 3.1: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 4.0: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd).

CVSS Vector (Vendor: f98c90f0-e9bd-4fa7-911b-51993f3571fd)

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

1. Analysis Generated: Jun 16, 2026 - 00:29 (vuln.today)

Description (CVE.org)

Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Analysis (AI)

Hard-coded cryptographic keys embedded in Canon EOS Network Setting Tool version 1.5.0 and earlier expose static decryption material to any local system user, enabling unauthorized decryption of protected network traffic or configuration data exchanged between the tool and Canon EOS cameras. The flaw is CWE-321 (Use of Hard-coded Cryptographic Key) and is classified as an information disclosure vulnerability with high confidentiality impact, bounded by the requirement for local system access. …


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Gain local access to host running EOS Network Tool
Delivery: Locate application binary on filesystem
Exploit: Extract hard-coded key via binary analysis
Execution: Capture or access encrypted network/configuration traffic
Persist: Decrypt traffic using recovered key
Impact: Access sensitive EOS camera configuration data

Vulnerability Assessment (AI)

Exploitation: Exploitation requires local access to a system on which Canon EOS Network Setting Tool version 1.5.0 or earlier is installed. …

Risk Assessment: The CVSS 4.0 score of 6.9 (Medium) accurately reflects a real but meaningfully scoped risk. …

Exploit Scenario: An attacker who has gained a local foothold on a workstation running Canon EOS Network Setting Tool version 1.5.0 or earlier runs a standard binary analysis utility - such as a strings extractor or disassembler - against the tool's executable to locate and recover the embedded cryptographic key. With the static key in hand, the attacker decrypts previously captured or locally stored network traffic between the tool and paired EOS cameras, exposing network configuration credentials or other sensitive setup data. …

Remediation: The primary remediation is to update Canon EOS Network Setting Tool to the version specified in Canon's security advisories at https://psirt.canon/advisory-information/cp2026-005/ and https://www.usa.canon.com/about-us/to-our-customers/cpa2026-005-vulnerability-remediation-for-eos-network-setting-tool - an exact patched version number has not been independently confirmed from the available input data, so consult the advisory directly to identify the correct replacement release. …
