Description
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from the Canon EOS Network Setting Tool default configuration using the standard FTP protocol, which transmits data in clear text. This allows an adversary to capture sensitive information such as network credentials, device configuration or other data exchanged during the tool's operation. The weakness aligns with CWE‑1188, where unsecured credentials and lack of encryption can lead to data exposure.

Affected Systems

The flaw affects Canon Inc. EOS Network Setting Tool for both Windows and macOS platforms, versions 1.5.0 and earlier.

Risk and Exploitability

The listed CVSS score of 7.1 indicates a high severity vulnerability, but its EPSS score of less than 1% suggests a low probability of exploitation at present, and it is not listed in the CISA KEV catalog. Attackers would need network access to reach the tool’s default FTP service, typically through port 21, and could intercept traffic or transfer data without encryption. Given the lack of encryption, a local or remote network adversary could read transmitted data and potentially manipulate configuration files if the tool’s write capabilities are exposed.

Generated by OpenCVE AI on June 18, 2026 at 00:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest EOS Network Setting Tool version where the default FTP configuration no longer uses clear‑text transfer.
  • Disable or remove the FTP service if the tool is not required to communicate over FTP.
  • Configure the tool to use a secure transport such as SFTP or HTTPS, or place it behind a VPN to protect traffic.
  • Refer to Canon advisory links for detailed instructions on changing the configuration or applying the patch.

Generated by OpenCVE AI on June 18, 2026 at 00:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Canon
Canon eos Network Setting Tool For Macos
Canon eos Network Setting Tool For Windows
Vendors & Products Canon
Canon eos Network Setting Tool For Macos
Canon eos Network Setting Tool For Windows

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Default FTP configuration enables insecure data transmission

Tue, 16 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Default FTP configuration enables insecure data transmission

Tue, 16 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Description Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Weaknesses CWE-1188
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Canon Eos Network Setting Tool For Macos Eos Network Setting Tool For Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Canon

Published:

Updated: 2026-06-16T15:01:31.260Z

Reserved: 2026-05-21T23:14:55.152Z

Link: CVE-2026-9262

cve-icon Vulnrichment

Updated: 2026-06-16T15:01:27.558Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-16T00:16:36.020

Modified: 2026-06-16T14:53:25.910

Link: CVE-2026-9262

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:06:16Z

Weaknesses
  • CWE-1188

    Initialization of a Resource with an Insecure Default