Description
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier. This flaw allows an attacker to present a fraudulent or self‑signed certificate during the tool's network connection, bypassing the certificate verification process. The consequence is that the tool may accept connections from an impersonated server, enabling a man‑in‑the‑middle attack that could intercept or tamper with configuration data exchanged between the tool and the camera.

Affected Systems

Canon Inc. EOS Network Setting Tool for Windows and macOS, versions 1.5.0 or earlier.

Risk and Exploitability

The CVSS base score of 7.1 is rated High and reflects potential for remote exploitation. The EPSS score is below 1%, implying a very low estimated probability of exploitation in the wild as of this analysis. However, the failure to validate server certificates exposes users to MITM attacks when the tool communicates over untrusted networks. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 16, 2026 at 22:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest release of Canon EOS Network Setting Tool where server certificate validation has been corrected.
  • Disable the tool’s network functionality on untrusted networks or enforce strict network segmentation to limit exposure.
  • If available, configure certificate pinning or a trusted certificate authority list within the tool to ensure only legitimate server certificates are accepted.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Improper Server Certificate Validation in Canon EOS Network Setting Tool

Tue, 16 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Description Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Canon

Published:

Updated: 2026-06-16T12:43:21.760Z

Reserved: 2026-05-21T23:14:50.204Z

Link: CVE-2026-9259

Vulnrichment

Updated: 2026-06-16T12:43:17.763Z

NVD

Status: Awaiting Analysis

Published: 2026-06-16T00:16:35.623

Modified: 2026-06-16T14:53:25.910

Link: CVE-2026-9259

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T22:15:03Z

Weaknesses
  • CWE-295

    Improper Certificate Validation