Description
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Canon EOS Network Setting Tool for Windows and macOS establishes SSH connections to configure Canon EOS cameras. The tool does not validate the SSH host key presented by the device, which creates a certificate validation error (CWE‑295). Based on the description, it is inferred that an adversary who can intercept or modify the SSH traffic could supply a forged key and convince the tool to accept it. This flaw permits the attacker to read, modify, or inject commands into the management session, potentially compromising confidentiality and integrity of camera configurations.

Affected Systems

Canon Inc.'s EOS Network Setting Tool for Windows and macOS, versions 1.5.0 or earlier, is affected. Any installation of this tool that connects to Canon EOS cameras via its default SSH implementation is vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.1, indicating a high severity. The EPSS score is under 1 %, suggesting that exploitation is unlikely but not impossible. The flaw is not listed in the CISA KEV catalog. The likely attack vector is network; an attacker must gain network access or interpose between the tool and the camera. Once positioned, the attacker could replace the host key and establish an unauthorized session, thereby exposing the camera's configuration to manipulation.

Generated by OpenCVE AI on June 18, 2026 at 07:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Canon EOS Network Setting Tool to the latest release that incorporates proper SSH host‑key validation.
  • Restrict the tool’s outbound connections so that it can reach only trusted camera IP addresses, blocking external SSH traffic on port 22.
  • Before connecting, verify the device’s SSH host‑key fingerprint against the fingerprint provided by Canon; if the fingerprints do not match, abort the session.

Generated by OpenCVE AI on June 18, 2026 at 07:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Canon
Canon eos Network Setting Tool For Macos
Canon eos Network Setting Tool For Windows
Vendors & Products Canon
Canon eos Network Setting Tool For Macos
Canon eos Network Setting Tool For Windows

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Improper SSH Host Key Validation in Canon EOS Network Setting Tool

Tue, 16 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Improper SSH Host Key Validation in Canon EOS Network Setting Tool

Tue, 16 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Description Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Canon Eos Network Setting Tool For Macos Eos Network Setting Tool For Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Canon

Published:

Updated: 2026-06-16T12:47:23.858Z

Reserved: 2026-05-21T23:14:48.638Z

Link: CVE-2026-9258

cve-icon Vulnrichment

Updated: 2026-06-16T12:47:18.774Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T00:16:35.460

Modified: 2026-06-16T14:53:25.910

Link: CVE-2026-9258

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:06:22Z

Weaknesses
  • CWE-295

    Improper Certificate Validation