Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-path MitM against tool-initiated SSH; AC:H for crypto downgrade, UI:P because user must run the tool, PR:N, C/I high from session exposure, no availability impact.
Primary rating from Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd).
Description (CVE.org)
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Analysis (AI)
Weak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent attackers to undermine the confidentiality and integrity of SSH sessions used by the tool, per Canon PSIRT advisory CP2026-005. The CVSS 4.0 vector (AV:N/AC:H/UI:P/VC:H/VI:H) reflects high attack complexity and required user interaction, and there is no public exploit identified at time of analysis.
Vulnerability Assessment (AI)

| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the victim to actively initiate an SSH-backed configuration session from the Canon EOS Network Setting Tool (UI:P, user interaction needed) while the attacker is positioned on the network path between the tool and the camera so the weak algorithm can be negotiated or downgraded, and the attacker must execute a cryptographic attack against the legacy SSH primitive (AC:H). … |
| Risk Assessment | The CVSS 4.0 score of 7.6 (High) is tempered by AC:H and UI:P, which mean exploitation requires both elevated attack complexity and active user interaction - typically a user-initiated SSH session via the tool that the attacker can intercept or influence on the network path. … |
| Exploit Scenario | A photographer at an event uses the EOS Network Setting Tool over event Wi-Fi to configure a camera; an attacker on the same network performs an active man-in-the-middle and forces the SSH handshake to negotiate a weak cipher or KEX, then decrypts or tampers with the configuration session to recover Wi-Fi credentials, FTP upload tokens, or image metadata. No public exploit is identified at time of analysis, but the underlying weak-algorithm class has well-known cryptanalytic tooling. |
| Remediation | Patch available per vendor advisory: update the Canon EOS Network Setting Tool to the fixed version published in Canon PSIRT advisory CP2026-005 (https://psirt.canon/advisory-information/cp2026-005/) and the regional Canon support pages (canon.jp, canon-europe.com, usa.canon.com URLs above); the exact fixed build number is not included in the input data and should be taken from those advisories. … |
More in EOS Network Setting Tool
Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from an insecure default FTP co
Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from improper SSH host key vali
Improper TLS certificate validation in Canon EOS Network Setting Tool version 1.5.0 and earlier allows network-positione
Hard-coded cryptographic keys embedded in Canon EOS Network Setting Tool version 1.5.0 and earlier expose static decrypt
EUVD-2026-37021
GHSA-7f48-x95j-2r8c