cbcvebase.
CVE-2014-1677
published 2017-04-03

CVE-2014-1677: Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.

PriorityP273high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
18.17%
96.8th percentile
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.

Affected

1 ranges
VendorProductVersion rangeFixed in
technicolortc7200_firmware

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://192.168.0.1/goform/system/GatewaySettings.bin
pathgoform/system/GatewaySettings.bin
otherAES-ECB key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
bytes
4D4C6F67 (MLog marker in backup file)
  • Alert on HTTP GET requests for the path '/goform/system/GatewaySettings.bin' originating from LAN-side clients without a valid authenticated session.
  • The decrypted backup file contains a plaintext credential block identifiable by the 'MLog' magic string followed by admin username and password; scan downloaded .bin files for this pattern.
  • The encrypted backup file (GatewaySettings.bin) is decrypted with a hardcoded AES-256-ECB key; presence of this key in memory or network tooling indicates active exploitation of CVE-2014-1677.
  • The web interface does not use cookies and does not validate client IP; any LAN host accessing the management interface after an admin login should be treated as suspicious.
  • ·The fix for CVE-2014-1677 (AES encryption of the backup file) is bypassable: the encrypted file remains accessible without authentication, and a hardcoded default AES key is used when no password is set in the web interface.
  • ·Affected firmware versions include STD6.01.12 (original CVE) and STD6.02.11 (patched firmware still vulnerable via hardcoded AES key); firmware updates are ISP-controlled and cannot be applied by end users.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.