Re: Telnetd Vulnerability Report

[Justin Swartz <justin.swartz () risingedge co za>]

On 2026-02-25 01:18, Eddie Chapman wrote:
> On 24/02/2026 20:33, Solar Designer wrote:
> > On Tue, Feb 24, 2026 at 05:05:58AM -0500, kf503bla () duck com wrote:
> > > Who uses telnet anyway? It's deprecated. Everyone uses ssh for any 
> > > kind of remote access.
> >
> > Indeed.  Yet:
> >
> > Quite many people surely do still use a telnet client to access 
> > various
> > older/smaller devices
>
> Yes. I would hazard a guess that the largest cohort of devices running 
> a telnet server are enterprise switches, gateways & routers. So many 
> times over the years I've been surprised to find a switch I'm 
> configuring has a telnet as well as the obligatory http(s) server 
> available for the admin to login via.
>
> Albeit to a lesser extent these days, and more likely BusyBox telnetd 
> than InetUtils. But switches are one of the most likely pieces of kit 
> to be forgotten about and left running for 10+ years in a closet 
> without a firmware update. There are a LOT of old switches running out 
> there.

There're also serial port concentrators, programmable automation 
controllers, remote telemetry units, protocol gateways, data 
aggregators, and PXI/LXI instrumentation out there that run some of 
telnet daemon - and you can be sure that it's not always busybox's 
telnetd implementation.