Authorization Flaw in Canon EOS Series Cameras and PowerShot Models
CVE-2019-5995

6.5MEDIUM

Key Information:

Vendor: Canon, Inc.
Status: Eos Series Digital Cameras, Powershot Sx740 Hs, Powershot Sx70 Hs, And Powershot G5xmarkⅱ
Vendor: CVE Published:; 6 August 2019

Summary

A missing authorization vulnerability exists within various EOS series digital cameras and PowerShot models, where exploiting this flaw could allow unauthorized application of specially crafted or unofficial firmware updates. This vulnerability affects a wide range of camera models across different firmware versions, potentially compromising the integrity of the devices and exposing users to unauthorized modifications without their consent.

Affected Version(s)

EOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ (EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D RE ...[truncated*]