1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Experts flag around 800,000 Telnet servers exposed to remote atta

    From TechnologyDaily@1337:1/100 to All on Tuesday, January 27, 2026 14:30:08
    Experts flag around 800,000 Telnet servers exposed to remote attacks - here's why users should be on their guard

    Date:
    Tue, 27 Jan 2026 14:15:00 +0000

    Description:
    Hackers are hunting for vulnerable endpoints to deploy Python malware.

    FULL STORY ======================================================================Critical
    Telnet flaw (CVE-2026-24061) exposes 800,000 devices worldwide Attackers
    gain root access, attempt Python malware deployment after bypassing authentication Patch released; users urged to disable Telnet or block port 23

    A major security vulnerability has been spotted in Telnet, an old remote-access tool, which is already being exploited on a fairly large scale, experts have warned.

    Researchers at Shadowserver said they saw almost 800,000 IP addresses with Telnet fingerprints, suggesting an enormous attack surface.

    Telnet is an old network protocol that allows users to remotely log into devices. Because it is outdated and insecure, it is not supposed to be
    exposed to the internet anymore, but hundreds of thousands of devices still are - especially older Linux systems, routers, and IoT devices. Patches and workarounds

    The authentication bypass vulnerability being abused is tracked as CVE-2026-24061 and was given a severity score of 9.8/10 (critical). It
    impacts GNU InetUtils versions 1.9.3 (released 11 years ago in 2015) through 2.7. It was fixed earlier this month, in version 2.8.

    Citing Shadowserver data, BleepingComputer noted the majority of devices with Telnet fingerprints are from Asia (380,000), followed by 170,000 from South America, and around 100,000 from Europe. We dont know how many of these devices have been secured against this vulnerability, but it is safe to
    assume that not all have.

    "We are ~800K telnet instances exposed globally - naturally, they should not be. [..] Telnet should not be publicly exposed, but often is especially on legacy iot devices," Shadowserver Foundation said in its report.

    The fix was released on January 20, and within a day, threat actors started probing for vulnerable endpoints, security researchers GreyNoise said. At first, at least 18 IP addresses made 60 Telnet sessions, gaining access to compromised devices without authentication. In the vast majority of cases (83%), the attackers obtained root access and used it to try deploying Python malware. Most of the attempts failed, though.

    Those that cannot apply the patch immediately should disable the telnetd service, or block TCP port 23 on all firewalls.

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/experts-flag-around-800-000-telnet-serv ers-exposed-to-remote-attacks-heres-why-users-should-be-on-their-guard


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)