製品・ソフトウェアに関する情報
Vulnerability Search
キヤノン製EOS Network Setting Toolにおける複数の脆弱性
Title キヤノン製EOS Network Setting Toolにおける複数の脆弱性
Summary

キヤノン株式会社が提供するPCソフトウェア EOS Network Setting ToolのFTP/FTPS/SFTP通信テスト機能には、次の複数の脆弱性が存在します。<a href='https://cwe.mitre.org/data/definitions/295.html' target='_blank'></a><a href='https://www.cve.org/CVERecord?id=CVE-2026-9258' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/295.html' target='_blank'></a><a href='https://www.cve.org/CVERecord?id=CVE-2026-9259' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/321.html' target='_blank'></a><a href='https://www.cve.org/CVERecord?id=CVE-2026-9260' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/327.html' target='_blank'></a><a href='https://www.cve.org/CVERecord?id=CVE-2026-9261' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/1188.html' target='_blank'></a><a href='https://www.cve.org/CVERecord?id=CVE-2026-9262' target='_blank'></a><ul><li>SSHホスト鍵の検証不備(CWE-295) - CVE-2026-9258</li><li>サーバ証明書の検証不備(CWE-295) - CVE-2026-9259</li><li>ハードコードされた暗号鍵の使用(CWE-321) - CVE-2026-9260</li><li>脆弱なSSH暗号アルゴリズムの使用(CWE-327) - CVE-2026-9261</li><li>FTP接続設定のデフォルトがセキュアプロトコルではない(CWE-1188) - CVE-2026-9262</li></ul>この脆弱性情報は、製品利用者への周知を目的に、開発者が JPCERT/CC に報告し、JPCERT/CC が開発者との調整を行いました。

Possible impacts 攻撃者によって、FTP/FTPS/SFTP通信テスト機能で使用する認証情報が取得される可能性があります。
Solution

[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。
Publication Date June 16, 2026, midnight
Registration Date June 17, 2026, 1:38 p.m.
Last Update June 17, 2026, 1:38 p.m.
CVSS3.0 : 警告
Score 6.5
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
No Changed Details Date of change
1 [2026年06月17日]
  掲載		 June 17, 2026, 1:38 p.m.
NVD Vulnerability Information
CVE-2026-9258
Summary

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Publication Date June 16, 2026, 9:16 a.m.
Registration Date June 17, 2026, 4:16 a.m.
Last Update June 16, 2026, 11:53 p.m.
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-9259
Summary

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Publication Date June 16, 2026, 9:16 a.m.
Registration Date June 17, 2026, 4:16 a.m.
Last Update June 16, 2026, 11:53 p.m.
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-9260
Summary

Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Publication Date June 16, 2026, 9:16 a.m.
Registration Date June 17, 2026, 4:16 a.m.
Last Update June 16, 2026, 11:53 p.m.
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-9261
Summary

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Publication Date June 16, 2026, 9:16 a.m.
Registration Date June 17, 2026, 4:16 a.m.
Last Update June 16, 2026, 11:53 p.m.
Related information, measures and tools
Common Vulnerabilities List
CVE-2026-9262
Summary

Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Publication Date June 16, 2026, 9:16 a.m.
Registration Date June 17, 2026, 4:16 a.m.
Last Update June 16, 2026, 11:53 p.m.
Related information, measures and tools
Common Vulnerabilities List