Telnet Exposure Across the EU: A Legacy Protocol That Refuses to Die
February 28, 2026
If FTP is legacy, Telnet is prehistoric.
Telnet was designed for remote command-line access in a world where encryption wasn’t even part of the conversation. It sends credentials in cleartext. No hashing. No TLS. No protection.
We pulled Shodan data for the 27 EU member states to see how much Telnet exposure still exists on the public internet. The results are more concerning than FTP.
Methodology
EU-27 country filter used:
AT, BE, BG, HR, CY, CZ, DK, EE, FI, FR, DE, GR, HU, IE, IT, LV, LT, LU, MT, NL, PL, PT, RO, SK, SI, ES, SE
Query used:
- Telnet exposure (port 23 responding)
This data is based solely on Shodan indexed results at the time of collection.
Total Telnet Exposure in the EU
Total exposed Telnet services: 121,174
Unlike FTP, Telnet has very few legitimate public-facing use cases today. Every instance is a direct entry point for automated attacks.
| Country | Telnet Services |
|---|---|
| Italy (IT) | 24,738 |
| Germany (DE) | 18,241 |
| France (FR) | 15,671 |
| Spain (ES) | 10,501 |
| Poland (PL) | 8,339 |
| Netherlands (NL) | 7,958 |
| Romania (RO) | 4,522 |
| Hungary (HU) | 4,084 |
| Czechia (CZ) | 4,075 |
| Sweden (SE) | 3,836 |
| Finland (FI) | 3,400 |
| Bulgaria (BG) | 2,792 |
| Portugal (PT) | 2,117 |
| Greece (GR) | 1,889 |
| Austria (AT) | 1,559 |
| Ireland (IE) | 1,344 |
| Denmark (DK) | 1,033 |
| Slovakia (SK) | 969 |
| Belgium (BE) | 723 |
| Lithuania (LT) | 704 |
| Croatia (HR) | 646 |
| Latvia (LV) | 627 |
| Slovenia (SI) | 534 |
| Estonia (EE) | 352 |
| Cyprus (CY) | 292 |
| Malta (MT) | 140 |
| Luxembourg (LU) | 88 |
Italy leads by a significant margin, followed by Germany and France. Unlike FTP, Telnet exposure is much harder to justify in a modern environment.
What Is Actually Exposed?
The product breakdown shows that this is primarily an embedded device problem, not a server problem.
| Product | Instances |
|---|---|
| BusyBox telnetd | 8,229 |
| OpenSSH (Misconfigured/Legacy) | 5,831 |
| Cisco router telnetd | 5,469 |
| Orinoco WAP telnetd | 1,194 |
| OneAccess ONE100A router telnetd | 536 |
| NASLite / Sveasoft telnetd | 524 |
| Microsoft Windows XP telnetd | 425 |
| Netgear / ZyXEL router telnetd | 379 |
| Dropbear sshd | 337 |
| DrayTek Vigor router telnetd | 144 |
The dominance of BusyBox and router-based services indicates that this exposure overwhelmingly consists of consumer routers, fiber modems, firewalls, and IoT devices like IP cameras and DVRs.
Is This a Security Problem?
From a pentester’s perspective, Telnet exposure is a high-confidence finding. Here’s why:
- Cleartext Credentials: Telnet transmits everything in plaintext. Anyone intercepting traffic between client and server can read usernames and passwords directly.
- Botnet Bait: Telnet is heavily targeted by automated botnets. Mirai-style malware specifically scans for exposed Telnet services to recruit devices into massive DDoS networks.
- Embedded Weakness: Exposed Telnet services frequently have default credentials, weak passwords, and outdated firmware with limited patching.
- Critical Footholds: Compromising a router or fiber modem allows for DNS hijacking, traffic interception, and quiet lateral movement inside the local network.
Unlike FTP, where anonymous access may sometimes be intentional (e.g., mirrors), Telnet almost never has a legitimate reason to be exposed publicly.
Comparison With FTP
- FTP exposure across the EU: 1.3 million
- Telnet exposure across the EU: 121,174
FTP is far more widespread, but Telnet is far more dangerous per instance. Telnet provides interactive shell access—a direct system entry point. While anonymous FTP might expose files, Telnet exposes control.
Related Research
Check out our corresponding analysis on FTP exposure:
FTP Exposure Across the EU: A Snapshot from Shodan DataFinal Thoughts
121,174 exposed Telnet services across the EU is not just a legacy artifact. It represents unmanaged embedded devices, remote administration enabled unnecessarily, and a persistent attack surface at the edge of the network.
Telnet is not just old. It is obsolete. From a security standpoint, its exposure should be treated as a remediation priority.