Eos Network Setting Tool

5 CVEs product

CVE-2026-9262 HIGH This Week

Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from an insecure default FTP configuration that transmits credentials and image data in cleartext over the network. Remote attackers positioned on the network path can intercept the unencrypted FTP traffic to capture authentication material and uploaded photographs. No public exploit has been identified at the time of analysis, but the vulnerability is published with a Canon PSIRT advisory and a CVSS 4.0 base score of 7.1.

Information Disclosure | Eos Network Setting Tool | NVD | CVSS 4.0: 7.1 | EPSS: 0.3%

CVE-2026-9261 HIGH This Week

Weak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent attackers to undermine the confidentiality and integrity of SSH sessions used by the tool, per Canon PSIRT advisory CP2026-005. The CVSS 4.0 vector (AV:N/AC:H/UI:P/VC:H/VI:H) reflects high attack complexity and required user interaction, and no public exploit has been identified at the time of analysis.

Information Disclosure | Eos Network Setting Tool | NVD | CVSS 4.0: 7.6 | EPSS: 0.2%

CVE-2026-9260 MEDIUM This Month

Hard-coded cryptographic keys embedded in Canon EOS Network Setting Tool version 1.5.0 and earlier expose static decryption material to any local system user, enabling unauthorized decryption of protected network traffic or configuration data exchanged between the tool and Canon EOS cameras. The flaw is CWE-321 (Use of Hard-coded Cryptographic Key) and is classified as an information disclosure vulnerability with high confidentiality impact, bounded by the requirement for local system access. No public exploit has been identified at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure | Eos Network Setting Tool | NVD | CVSS 4.0: 6.9 | EPSS: 0.1%

CVE-2026-9259 HIGH This Week

Improper TLS certificate validation in Canon EOS Network Setting Tool version 1.5.0 and earlier allows network-positioned attackers to intercept communications between the tool and Canon servers via man-in-the-middle attacks. The flaw enables disclosure of sensitive information transmitted during camera network configuration, though no public exploit has been identified at the time of analysis. The CVSS 4.0 score of 7.1 reflects high confidentiality impact, with user interaction (UI:P) required for an attack to succeed.

Information Disclosure | Eos Network Setting Tool | NVD | CVSS 4.0: 7.1 | EPSS: 0.2%

CVE-2026-9258 HIGH This Week

Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from improper SSH host key validation (CWE-295), allowing network-positioned attackers to impersonate legitimate SSH endpoints and harvest credentials or configuration data transmitted by the tool. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:P, VC:H) indicates remote exploitation requiring user interaction, with high confidentiality impact but no integrity or availability effects. No public exploit has been identified at the time of analysis, and the issue is not on the CISA KEV list.

Information Disclosure | Eos Network Setting Tool | NVD | CVSS 4.0: 7.1 | EPSS: 0.2%