Skip to content
View in the app

A better way to browse. Learn more.

hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Trivial Telnet authentication bypass exposes devices to complete takeover

Computers with Telnet open are in immediate danger of being compromised due to a critical vulnerability that allows attackers to bypass authentication.

The Telnet remote access protocol has long been superseded by the more secure and encrypted SSH, but many IoT and embedded devices have continued to ship with Telnet exposed on the LAN interface for debugging purposes over the years.

Making things worse, the vulnerability, now tracked as CVE-2026-24061, is trivial to exploit remotely, and because it has existed in the codebase for the past 11 years since version 1.9.3, it likely impacts many devices that are no longer supported and will not receive firmware updates.

Trivial exploitation

“The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter,” Simon Josefsson, a GNU contributor who submitted the patch, said on the OSS-SEC mailing list. “If the client supplies a carefully crafted USER environment value being the string “-f root”, and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes.”

In other words, the exploit is achieved with the simple command: USER=‘-f root’ telnet -a [host_ip]. This not only works against remote systems, but it can also serve as a privilege escalation exploit on the local machine if the telnet service (telnetd) is running.

Telnet is part of inetutils, the GNU network utilities package shipped with all Linux and other UNIX-based systems. Users are advised to deploy the patch as soon as possible or update to a patched version offered by their distribution. As a temporary mitigation, users are advised to either disable the telnet service entirely or filter access to it to only allow white-listed IP addresses.

Scan enterprise networks

The Telnet server should never be exposed to the internet in this day and age, but misconfigured servers and IoT devices that have it enabled continue to exist. These will be easily compromised by IoT worms and botnet malware. Malicious traffic monitoring service GreyNoise is already seeing attempts to exploit this vulnerability.

It’s more common to find Telnet exposed inside local networks, despite the fact that, given that it’s an obsolete program, it shouldn’t be used at all. Organizations should scan their networks and immediately isolate and firewall Telnet-enabled devices because all it takes is a malware infection on any other computer on the network for attackers to have an opportunity to exploit them. Executing this attack doesn’t require any special privileges, as low-privileged users can typically initiate telnet connections.

View the full article

User Feedback

Recommended Comments

There are no comments to display.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Add a comment...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.