8.3
CVSSv2

CVE-2019-6000

Published: 06/08/2019 Updated: 16/08/2019
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and previous versions, EOS-1D X MKII firmware version 1.1.6 and previous versions, EOS-1D C firmware version 1.4.1 and previous versions, EOS 5D MARK III firmware version 1.3.5 and previous versions, EOS 5D MARK IV firmware version 1.2.0 and previous versions, EOS 5DS firmware version 1.1.2 and previous versions, EOS 5DS R firmware version 1.1.2 and previous versions, EOS 6D firmware version 1.1.8 and previous versions, EOS 6D MARK II firmware version 1.0.4 and previous versions, EOS 7D MARK II firmware version 1.1.2 and previous versions, EOS 70 D firmware version 1.1.2 and previous versions, EOS 80 D firmware version 1.0.2 and previous versions, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and previous versions, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and previous versions, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and previous versions, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and previous versions, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and previous versions, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and previous versions, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and previous versions, EOS 9000D / EOS 77D firmware version 1.0.2 and previous versions, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and previous versions, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and previous versions, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and previous versions, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and previous versions, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and previous versions, EOS R firmware version 1.3.0 and previous versions, EOS RP firmware version 1.2.0 and previous versions, EOS RP GOLD firmware version 1.2.0 and previous versions, EOS M2 firmware version 1.0.3 and previous versions, EOS M3 firmware version 1.2.0 and previous versions, EOS M5 firmware version 1.0.1 and previous versions, EOS M6 firmware version 1.0.1 and previous versions, EOS M6(China) firmware version 5.0.0 and previous versions, EOS M10 firmware version 1.1.0 and previous versions, EOS M100 firmware version 1.0.0 and previous versions, EOS KISS M / EOS M50 firmware version 1.0.2 and previous versions) and PowerShot SX740 HS firmware version 1.0.1 and previous versions, PowerShot SX70 HS firmware version 1.1.0 and previous versions, and PowerShot G5Xmark II firmware version 1.0.1 and previous versions allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.

Vulnerability Trend

Affected Products

Vendor Product Versions
CanonEos-1d C Firmware1.4.1
CanonEos-1d X Firmware2.1.0
CanonEos-1d X Mkii Firmware1.1.6
CanonEos 100d Firmware1.0.1
CanonEos 1200d Firmware1.0.2
CanonEos 1200d Mg Firmware1.0.2
CanonEos 1300d Firmware1.1.0
CanonEos 1500d Firmware1.0.0
CanonEos 2000d Firmware1.0.0
CanonEos 200d Firmware1.0.1
CanonEos 250d Firmware1.0.1
CanonEos 3000d Firmware1.0.0
CanonEos 4000d Firmware1.0.0
CanonEos 5d Mark Iii Firmware1.3.5
CanonEos 5d Mark Iv Firmware1.2.0
CanonEos 5ds Firmware1.1.2
CanonEos 5ds R Firmware1.1.2
CanonEos 6d Firmware1.1.8
CanonEos 6d Mark Ii Firmware1.0.4
CanonEos 700d Firmware1.1.5
CanonEos 70d Firmware1.1.2
CanonEos 750d Firmware1.0.0
CanonEos 760d Firmware1.0.0
CanonEos 77d Firmware1.0.2
CanonEos 7d Mark Ii Firmware1.1.2
CanonEos 8000d Firmware1.0.0
CanonEos 800d Firmware1.0.1
CanonEos 80d Firmware1.0.2
CanonEos 9000d Firmware1.0.2
CanonEos D Rebel Sl1 Firmware1.0.1
CanonEos D Rebel Sl2 Firmware1.0.1
CanonEos D Rebel Sl3 Firmware1.0.1
CanonEos D Rebel T100 Firmware1.0.0
CanonEos D Rebel T5 Firmware1.0.2
CanonEos D Rebel T5 Re Firmware1.0.2
CanonEos D Rebel T5i Firmware1.1.5
CanonEos D Rebel T6 Firmware1.1.0
CanonEos D Rebel T6i Firmware1.0.0
CanonEos D Rebel T6s Firmware1.0.0
CanonEos D Rebel T7 Firmware1.0.0
CanonEos D Rebel T7i Firmware1.0.1
CanonEos Hi Firmware1.0.2
CanonEos Kiss M Firmware1.0.2
CanonEos Kiss X10 Firmware1.0.1
CanonEos Kiss X70 Firmware1.0.2
CanonEos Kiss X7 Firmware1.0.1
CanonEos Kiss X7i Firmware1.1.5
CanonEos Kiss X80 Firmware1.1.0
CanonEos Kiss X8i Firmware1.0.0
CanonEos Kiss X90 Firmware1.0.0
CanonEos Kiss X9 Firmware1.0.1
CanonEos Kiss X9i Firmware1.0.1
CanonEos M100 Firmware1.0.0
CanonEos M10 Firmware1.1.0
CanonEos M2 Firmware1.0.3
CanonEos M3 Firmware1.2.0
CanonEos M50 Firmware1.0.2
CanonEos M5 Firmware1.0.1
CanonEos M6(china) Firmware5.0.0
CanonEos M6 Firmware1.0.1
CanonEos R Firmware1.3.0
CanonEos Rp Firmware1.2.0
CanonEos Rp Gold Firmware1.2.0
CanonPowershot G5xmark Ii Firmware1.0.1
CanonPowershot Sx70 Hs Firmware1.1.0
CanonPowershot Sx740 Hs Firmware1.0.1

Recent Articles

DEF CON 2019: Picture Perfect Hack of a Canon EOS 80D DSLR
Threatpost • Tom Spring • 11 Aug 2019

LAS VEGAS – Multiple vulnerabilities in Canon’s DSLR camera firmware could allow an attacker to plant malware on devices and ransom images from users. The bugs, outlined in a session here at DEF CON, open the door to a range of hacks via a Wi-Fi network or a PC’s USB connection to a camera.
The research comes from Check Point that found six bugs when it reverse engineered Canon’s EOS 80D DSLR firmware. Eyal Itkin, the Check Point researcher giving the talk, said flaws were found in...