Description
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Published: 2026-06-15
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Canon EOS Network Setting Tool versions 1.5.0 and earlier embed a hard-coded cryptographic key directly in the executable. The description supports the inference that an attacker who obtains the binary can extract the key and use it to decrypt traffic, sign forged commands, or otherwise compromise connectivity, threatening the confidentiality and integrity of configuration exchanges over the network.

Affected Systems

Canon Inc.’s EOS Network Setting Tool for both Windows and macOS is affected when installed at version 1.5.0 or earlier; no further sub-version details are provided.

Risk and Exploitability

The CVSS score of 6.9 signals moderate severity, while an EPSS of less than 1% suggests exploitation is unlikely to be widespread. The issue is not listed in the CISA KEV catalog. The description suggests that the likely attack path requires an adversary to obtain the tool binary or have local access; from there, the hard-coded key can be extracted and misused. With no publicly known exploit, the overall risk remains moderate but warrants proactive mitigation.

Generated by OpenCVE AI on June 17, 2026 at 00:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the EOS Network Setting Tool to a version newer than 1.5.0 that removes hard‑coded cryptographic keys
  • Limit installation and execution of the tool to trusted administrators and verify the binary with Canon’s published checksum or digital signature
  • Configure network controls to restrict the tool’s outbound traffic to only the devices it needs to manage

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Hard‑coded Cryptographic Keys in Canon EOS Network Setting Tool

Tue, 16 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 16 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Description Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Weaknesses CWE-321
References
Metrics cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Metrics cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: Canon

Published:

Updated: 2026-06-16T12:41:43.181Z

Reserved: 2026-05-21T23:14:51.893Z

Link: CVE-2026-9260

Vulnrichment

Updated: 2026-06-16T12:41:39.614Z

NVD

Status: Awaiting Analysis

Published: 2026-06-16T00:16:35.757

Modified: 2026-06-16T14:53:25.910

Link: CVE-2026-9260

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T00:45:04Z

Weaknesses
  • CWE-321: Use of Hard-coded Cryptographic Key