CVE-2014-1677
published 2017-04-03CVE-2014-1677: Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
PriorityP273high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
18.17%
96.8th percentile
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| technicolor | tc7200_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
4D4C6F67 (MLog marker in backup file)
- →Alert on HTTP GET requests for the path '/goform/system/GatewaySettings.bin' originating from LAN-side clients without a valid authenticated session. ↗
- →The decrypted backup file contains a plaintext credential block identifiable by the 'MLog' magic string followed by admin username and password; scan downloaded .bin files for this pattern. ↗
- →The encrypted backup file (GatewaySettings.bin) is decrypted with a hardcoded AES-256-ECB key; presence of this key in memory or network tooling indicates active exploitation of CVE-2014-1677. ↗
- →The web interface does not use cookies and does not validate client IP; any LAN host accessing the management interface after an admin login should be treated as suspicious. ↗
- ·The fix for CVE-2014-1677 (AES encryption of the backup file) is bypassable: the encrypted file remains accessible without authentication, and a hardcoded default AES key is used when no password is set in the web interface. ↗
- ·Affected firmware versions include STD6.01.12 (original CVE) and STD6.02.11 (patched firmware still vulnerable via hardcoded AES key); firmware updates are ISP-controlled and cannot be applied by end users. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5phr-5283-mg7g: Technicolor TC7200 with firmware STD6
ghsa_unreviewed·2022-05-14
CVE-2014-1677 [HIGH] CWE-200 GHSA-5phr-5283-mg7g: Technicolor TC7200 with firmware STD6
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
VulnCheck
technicolor tc7200_firmware Exposure of Sensitive Information to an Unauthorized Actor
vulncheck·2014·CVSS 7.5
CVE-2014-1677 [HIGH] technicolor tc7200_firmware Exposure of Sensitive Information to an Unauthorized Actor
technicolor tc7200_firmware Exposure of Sensitive Information to an Unauthorized Actor
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
Affected: technicolor tc7200_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-07-02&host_type=src&vulnerability=cve-2014-1677; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-07-03&host_type=src&vulnerability=cve-2014-1677; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-07-04&host_type=src&vulnerability=cve
No detection rules found.
Exploit-DB
Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities
exploitdb·2016-07-25·CVSS 7.5
[HIGH] Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities
Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities
---
'''
Technicolor TC7200 modem/router multiple vulnerabilities
Platforms / Firmware confirmed affected:
- Technicolor TC7200, STD6.02.11
- Product page: http://www.technicolor.com/en/solutions-services/connected-home/broadband-devices/cable-modems-gateways/tc7200-tc7300
Vulnerabilities
Insecure session management
The web interface does not use cookies at all and does not check the IP
address of the client. If admin login is successful, every user from the
LAN can access the management interface.
Backup file encryption uses fix password
Technicolor fixed the CVE-2014-1677 by encrypting the backup file with
AES. However, the encrypted backup file remains accessible without
authentication and if the password is not
Exploit-DB
Technicolor TC7200 - Credentials Disclosure
exploitdb·2014-02-25·CVSS 7.5
CVE-2014-1677 [HIGH] Technicolor TC7200 - Credentials Disclosure
Technicolor TC7200 - Credentials Disclosure
---
# Exploit Title: Technicolor TC7200: Authentication Bypass
# Google Dork: N/A
# Date: 24-02-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.technicolor.com/
# Software Link: http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300
# Version: STD6.01.12
# Tested on: N/A
# CVE : CVE-2014-1677
#
## Description:
#
# Any user on the internal network can download a backup configuration file without authenticating first. The backup file contains
# the credentials to the administrative web interface.
#
## PoC:
#
# Download the file: http://192.168.0.1/goform/system/GatewaySettings.bin
#
# Using the command: $ hexedit -C GatewaySettings.bin
#
# 00006590 00 00 00 00
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2016/Jul/67http://www.exploit-db.com/exploits/31894http://www.securityfocus.com/archive/1/538955/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/91578https://packetstormsecurity.com/files/125388http://seclists.org/fulldisclosure/2016/Jul/67http://www.exploit-db.com/exploits/31894http://www.securityfocus.com/archive/1/538955/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/91578https://packetstormsecurity.com/files/125388
2017-04-03
Published
Exploited in the wild