Moxa’s Response Regarding Remote Authentication Bypass in GNU Inetutils Telnetd (CVE-2026-24061)
Act Now | MPSA-267181 | Mar 9, 2026
Summary
CVE-2026-24061 is a remote authentication bypass in GNU Inetutils telnetd (through version 2.7) that affects Moxa devices. An attacker can set the USER environment variable to "-f root" to gain root-level access without providing valid credentials. This vulnerability is actively exploited in the wild and has an EPSS exploitation probability of 75.6%. Moxa has not released a patch for any affected product version.
What this means
What could happen
An attacker can bypass authentication on Moxa devices running telnetd and log in as the root user without providing a valid password. This allows complete control over device configuration and process parameters, and could lead to shutdown or malfunction of critical infrastructure operations.
Who's at risk
This affects any organization operating Moxa industrial networking equipment (gateways, switches, serial device servers, cellular gateways) that has telnet enabled for remote management. It is critical for water utilities, electrical substations, and manufacturing facilities that rely on Moxa devices for SCADA connectivity and process monitoring.
How it could be exploited
An attacker connects to the telnet port (typically port 23) on the Moxa device and sets the USER environment variable to "-f root" before authentication. The vulnerable telnetd service accepts this value and grants root access without checking credentials, allowing the attacker to execute arbitrary commands on the device.
Prerequisites
- Network access to telnet port (port 23) on the Moxa device
- Telnet service must be running and accessible
- No credentials required
remotely exploitable | no authentication required | low complexity | actively exploited (KEV) | high EPSS score (75.6%) | no patch available | affects safety systems
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
Moxa’s Response Regarding Remote Authentication Bypass in GNU Inetutils Telnetd (CVE-2026-24061) | All versions | No fix yet
Remediation & Mitigation
Do now
- WORKAROUND: Immediately disable telnet service if not required for operations; use SSH instead
- HARDENING: Restrict network access to telnet port (port 23) using firewall rules to only authorized engineering workstations or management networks
- HARDENING: Monitor for telnet connections and authentication attempts to affected Moxa devices
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Contact Moxa support for firmware update or security advisory regarding this CVE
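As an added example (not from the advisory or from Moxa), this Python check supports the two hardening items above: it reports every telnet connection to an inventoried Moxa device and raises those coming from outside the authorized management networks. The device addresses, management subnet, and comma-separated flow-record format are assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress

# Assumed site values (placeholders, not taken from the advisory).
MOXA_DEVICES = {ipaddress.ip_address(a) for a in ("10.20.0.11", "10.20.0.12")}
MGMT_NETS = [ipaddress.ip_network("10.99.0.0/28")]
TELNET_PORT = 23

# Constructed sample flow records: time,src,dst,dport,proto
SAMPLE_FLOWS = """\
2026-03-09T08:01:12Z,10.99.0.5,10.20.0.11,23,tcp
2026-03-09T08:03:40Z,10.20.7.44,10.20.0.11,23,tcp
2026-03-09T08:04:02Z,10.20.7.44,10.20.0.12,443,tcp
2026-03-09T08:09:55Z,203.0.113.77,10.20.0.12,23,tcp
2026-03-09T08:10:01Z,10.99.0.5,10.20.0.30,23,tcp
bad,line
"""

def classify_telnet_flows(text):
    """Return one finding per TCP/23 flow to an inventoried Moxa device."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip malformed records
        ts, src, dst, dport, proto = (field.strip() for field in row)
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparseable address or port
        if proto.lower() != "tcp" or port != TELNET_PORT:
            continue
        if dst_ip not in MOXA_DEVICES:
            continue  # not one of the devices being watched
        allowed = any(src_ip in net for net in MGMT_NETS)
        # Telnet from the management network is still worth reviewing,
        # since the workaround is to disable the service entirely.
        findings.append({"time": ts, "src": src, "dst": dst,
                         "severity": "review" if allowed else "alert"})
    return findings

if __name__ == "__main__":
    for f in classify_telnet_flows(SAMPLE_FLOWS):
        print(f["severity"].upper(), f["time"], f["src"], "->", f["dst"])
```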
CVEs (1)