Friday April 03, 2026

Advisory ID:   ngCERT-2026-030002

SUMMARY

ngCERT wishes to alert organisations to a security vulnerability identified in network infrastructure devices with Open-Telnet (TCP port 23) enabled. Telnet, a legacy remote administration protocol, transmits all data, including authentication credentials, in plaintext, making it highly insecure. Successful exploitation may expose systems to unauthorised access and compromise in modern network environments. Organisations are advised to disable Telnet, block port 23, and use SSH for secure remote access.

DESCRIPTION

Open-Telnet is a client-server protocol that allows remote terminal access over TCP/IP, typically using port 23. It transmits all data unencrypted, in plaintext, making sensitive information such as passwords and other data easy to intercept. Exposed services may allow remote access if credentials are weak or default, and they are susceptible to probing and to exploitation of vulnerabilities. Despite these risks, Telnet is still used for network diagnostics, troubleshooting, legacy system access, instructional purposes, and device configuration. Its unencrypted transmission and weak access controls make exposed systems highly vulnerable, emphasizing the need for secure alternatives such as SSH.

Damage:      Critical (CVSS score: 9.8)

Probability:  High

Platform(s):  Network Devices, Servers, IoT Devices, Routers, Switches, and Embedded Systems with Telnet Service Enabled

CONSEQUENCES

Systems with open Telnet services face the following risks:

    1. Unauthorized Access.
    2. Credential Theft.
    3. Privilege Escalation.
    4. Botnet Recruitment.
    5. Data Breach.
    6. Service Disruption. 

SOLUTION/MITIGATION

To mitigate this vulnerability, ngCERT recommends the following:

    1. Disable Telnet and block TCP port 23 on all affected devices.
    2. Replace Telnet with SSH for secure, encrypted remote access.
    3. Reset credentials and review logs for all affected systems.
    4. Enforce strong access controls and restrict remote access.
    5. Maintain updates and ongoing security monitoring.
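
An added example, not part of the ngCERT advisory: one way to confirm that steps 1 and 2 have taken effect on devices you administer is to check what still answers on TCP port 23 and whether it opens with Telnet option negotiation. The function names, the sample banners and the inventory list are assumptions made for this illustration.

```python
import socket

IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)
VERBS = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT

# Constructed sample banners (not captured from any real device).
SAMPLE_TELNET = bytes([0xFF, 0xFD, 0x18, 0xFF, 0xFB, 0x01])  # IAC DO TERMINAL-TYPE, IAC WILL ECHO
SAMPLE_SSH = b"SSH-2.0-ExampleServer\r\n"


def classify_banner(data: bytes) -> str:
    """Classify the first bytes a listener sends after the TCP handshake."""
    if not data:
        return "open-silent"
    if data.startswith(b"SSH-"):
        return "ssh"
    # A Telnet server normally opens with option negotiation: IAC <verb> <option>.
    if any(data[i] == IAC and data[i + 1] in VERBS for i in range(len(data) - 2)):
        return "telnet"
    return "other"


def audit_host(host: str, port: int = 23, timeout: float = 3.0) -> str:
    """Connect to a host you administer and report what answers on the port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                data = sock.recv(256)
            except socket.timeout:
                data = b""  # the port accepted the connection but sent nothing
    except OSError:
        return "closed-or-filtered"  # refused, timed out, or reset
    return classify_banner(data)


def telnet_exposed(inventory, port: int = 23) -> list:
    """Return inventory entries where the port is still open and not speaking SSH."""
    return [h for h in inventory
            if audit_host(h, port) not in ("closed-or-filtered", "ssh")]


if __name__ == "__main__":
    print(classify_banner(SAMPLE_TELNET), classify_banner(SAMPLE_SSH))
    # Hypothetical inventory: replace with the management addresses of your own devices.
    print(telnet_exposed(["127.0.0.1"]))
```

A host that reports "closed-or-filtered" from inside the management network has Telnet disabled or blocked from that vantage point; repeat the check from an external vantage point to confirm the firewall rule.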
