Impact
The vulnerability stems from the Canon EOS Network Setting Tool default configuration using the standard FTP protocol, which transmits data in clear text. This allows an adversary to capture sensitive information such as network credentials, device configuration or other data exchanged during the tool's operation. The weakness aligns with CWE‑1188, where unsecured credentials and lack of encryption can lead to data exposure.
Affected Systems
The flaw affects Canon Inc. EOS Network Setting Tool for both Windows and macOS platforms, versions 1.5.0 and earlier.
Risk and Exploitability
The listed CVSS score of 7.1 indicates a high severity vulnerability, but its EPSS score of less than 1% suggests a low probability of exploitation at present, and it is not listed in the CISA KEV catalog. Attackers would need network access to reach the tool’s default FTP service, typically through port 21, and could intercept traffic or transfer data without encryption. Given the lack of encryption, a local or remote network adversary could read transmitted data and potentially manipulate configuration files if the tool’s write capabilities are exposed.
OpenCVE Enrichment