Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-6000

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.

Published

2019-08-06T19:15:14.443

Last Modified

2024-11-21T04:45:53.387

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	canon	eos-1d_x_firmware	≤ 2.1.0	Yes
Hardware	canon	eos-1d_x	-	No
Operating System	canon	eos-1d_x_mkii_firmware	≤ 1.1.6	Yes
Hardware	canon	eos-1d_x_mkii	-	No
Operating System	canon	eos-1d_c_firmware	≤ 1.4.1	Yes
Hardware	canon	eos-1d_c	-	No
Operating System	canon	eos_5d_mark_iii_firmware	≤ 1.3.5	Yes
Hardware	canon	eos_5d_mark_iii	-	No
Operating System	canon	eos_5d_mark_iv_firmware	≤ 1.2.0	Yes
Hardware	canon	eos_5d_mark_iv	-	No
Operating System	canon	eos_5ds_firmware	≤ 1.1.2	Yes
Hardware	canon	eos_5ds	-	No
Operating System	canon	eos_5ds_r_firmware	≤ 1.1.2	Yes
Hardware	canon	eos_5ds_r	-	No
Operating System	canon	eos_6d_firmware	≤ 1.1.8	Yes
Hardware	canon	eos_6d	-	No
Operating System	canon	eos_7d_mark_ii_firmware	≤ 1.1.2	Yes
Hardware	canon	eos_7d_mark_ii	-	No
Operating System	canon	eos_70d_firmware	≤ 1.1.2	Yes
Hardware	canon	eos_70d	-	No
Operating System	canon	eos_80d_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_80d	-	No
Operating System	canon	eos_kiss_x7i_firmware	≤ 1.1.5	Yes
Hardware	canon	eos_kiss_x7i	-	No
Operating System	canon	eos_d_rebel_t5i_firmware	≤ 1.1.5	Yes
Hardware	canon	eos_d_rebel_t5i	-	No
Operating System	canon	eos_700d_firmware	≤ 1.1.5	Yes
Hardware	canon	eos_700d	-	No
Operating System	canon	eos_kiss_x8i_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_kiss_x8i	-	No
Operating System	canon	eos_d_rebel_t6i_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_d_rebel_t6i	-	No
Operating System	canon	eos_750d_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_750d	-	No
Operating System	canon	eos_kiss_x9i_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_kiss_x9i	-	No
Operating System	canon	eos_d_rebel_t7i_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_d_rebel_t7i	-	No
Operating System	canon	eos_800d_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_800d	-	No
Operating System	canon	eos_kiss_x7_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_kiss_x7	-	No
Operating System	canon	eos_d_rebel_sl1_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_d_rebel_sl1	-	No
Operating System	canon	eos_100d_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_100d	-	No
Operating System	canon	eos_kiss_x9_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_kiss_x9	-	No
Operating System	canon	eos_d_rebel_sl2_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_d_rebel_sl2	-	No
Operating System	canon	eos_200d_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_200d	-	No
Operating System	canon	eos_kiss_x10_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_kiss_x10	-	No
Operating System	canon	eos_d_rebel_sl3_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_d_rebel_sl3	-	No
Operating System	canon	eos_200d_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_200d	-	No
Operating System	canon	eos_250d_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_250d	-	No
Operating System	canon	eos_8000d_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_8000d	-	No
Operating System	canon	eos_d_rebel_t6s_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_d_rebel_t6s	-	No
Operating System	canon	eos_760d_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_760d	-	No
Operating System	canon	eos_9000d_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_9000d	-	No
Operating System	canon	eos_77d_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_77d	-	No
Operating System	canon	eos_kiss_x70_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_kiss_x70	-	No
Operating System	canon	eos_d_rebel_t5_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_d_rebel_t5	-	No
Operating System	canon	eos_1200d_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_1200d	-	No
Operating System	canon	eos_d_rebel_t5_re_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_d_rebel_t5_re	-	No
Operating System	canon	eos_1200d_mg_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_1200d_mg	-	No
Operating System	canon	eos_hi_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_hi	-	No
Operating System	canon	eos_kiss_x80_firmware	≤ 1.1.0	Yes
Hardware	canon	eos_kiss_x80	-	No
Operating System	canon	eos_d_rebel_t6_firmware	≤ 1.1.0	Yes
Hardware	canon	eos_d_rebel_t6	-	No
Operating System	canon	eos_1300d_firmware	≤ 1.1.0	Yes
Hardware	canon	eos_1300d	-	No
Operating System	canon	eos_kiss_x90_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_kiss_x90	-	No
Operating System	canon	eos_d_rebel_t7_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_d_rebel_t7	-	No
Operating System	canon	eos_1500d_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_1500d	-	No
Operating System	canon	eos_2000d_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_2000d	-	No
Operating System	canon	eos_d_rebel_t100_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_d_rebel_t100	-	No
Operating System	canon	eos_3000d_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_3000d	-	No
Operating System	canon	eos_4000d_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_4000d	-	No
Operating System	canon	eos_r_firmware	≤ 1.3.0	Yes
Hardware	canon	eos_r	-	No
Operating System	canon	eos_rp_firmware	≤ 1.2.0	Yes
Hardware	canon	eos_rp	-	No
Operating System	canon	eos_rp_gold_firmware	≤ 1.2.0	Yes
Hardware	canon	eos_rp_gold	-	No
Operating System	canon	eos_m2_firmware	≤ 1.0.3	Yes
Hardware	canon	eos_m2	-	No
Operating System	canon	eos_m3_firmware	≤ 1.2.0	Yes
Hardware	canon	eos_m3	-	No
Operating System	canon	eos_m5_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_m5	-	No
Operating System	canon	eos_m6_firmware	≤ 1.0.1	Yes
Hardware	canon	eos_m6	-	No
Operating System	canon	eos_m6\(china\)_firmware	≤ 5.0.0	Yes
Hardware	canon	eos_m6\(china\)	-	No
Operating System	canon	eos_m10_firmware	≤ 1.1.0	Yes
Hardware	canon	eos_m10	-	No
Operating System	canon	eos_m100_firmware	≤ 1.0.0	Yes
Hardware	canon	eos_m100	-	No
Operating System	canon	eos_kiss_m_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_kiss_m	-	No
Operating System	canon	eos_m50_firmware	≤ 1.0.2	Yes
Hardware	canon	eos_m50	-	No
Operating System	canon	powershot_sx740_hs_firmware	≤ 1.0.1	Yes
Hardware	canon	powershot_sx740_hs	-	No
Operating System	canon	powershot_sx70_hs_firmware	≤ 1.1.0	Yes
Hardware	canon	powershot_sx70_hs	-	No
Operating System	canon	powershot_g5xmark_ii_firmware	≤ 1.0.1	Yes
Hardware	canon	powershot_g5xmark_ii	-	No
Operating System	canon	eos_6d_mark_ii_firmware	≤ 1.0.4	Yes
Hardware	canon	eos_6d_mark_ii	-	No

References

http://jvn.jp/en/vu/JVNVU97511331/index.html Third Party Advisory ([email protected])
https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html Vendor Advisory ([email protected])
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/ Exploit, Third Party Advisory ([email protected])
https://www.canon-europe.com/support/product-security/ Vendor Advisory ([email protected])
https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras Vendor Advisory ([email protected])
http://jvn.jp/en/vu/JVNVU97511331/index.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.canon-europe.com/support/product-security/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)