Shadowserver sees nearly 800,000 vulnerable servers worldwide after critical InetUtils vulnerability.
Security researchers at Shadowserver are tracking hundreds of thousands of Telnet servers worldwide that could be exploited via a newly discovered authentication bypass.
Almost 10,000 in Belgium and the Netherlands
According to Shadowserver, nearly 800,000 IP addresses with active Telnet installations are being tracked. More than 380,000 are located in Asia, nearly 170,000 in South America, and about 100,000 in Europe. In Belgium, there are 1777 and in the Netherlands 7098. Telnet is a legacy protocol that has largely been replaced by SSH. However, some outdated Linux installations or embedded and IoT devices that have not been updated for years still use it, writes Bleeping Computer.
The security vulnerability (CVE-2026-24061) affects the collection of network utilities called GNU InetUtils, including telnet/telnetd, ftp/ftpd, rsh/rshd, ping, and traceroute. It concerns versions 1.9.3 up to and including 2.7. The vulnerability has been fixed in the latest version (2.8).
GreyNoise reported that exploits surfaced a few days after the patch was released. Attackers primarily attempted to exploit root accounts and install malware. Administrators who cannot upgrade yet are advised to disable telnetd or block TCP port 23 via firewalls to prevent abuse.