The Broadband Guide
search advanced

Port 23 Details

known port assignments and vulnerabilities
threat/application/port search:
Port(s) Protocol Service Details Source
23 tcp telnet Telnet is one of the oldest Internet protocols and the most popular program for remote access to Unix machines. It has numerous security vulnerabilities [RFC 854]

Trojans that also use this port: Prosiak, Wingate, ADM worm, Aphex's Remote Packet Sniffer , AutoSpY, ButtMan, Fire HacKer, My Very Own trojan, Pest, RTB 666, Tiny Telnet Server - TTS, Truva Atl, Backdoor.Delf variants [Symantec-2003-050207-0707-99], Backdoor.Dagonit [Symantec-2005-092616-0858-99] (2005.09.26)

Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23.
References: [CVE-2012-1222], [BID-52061]

The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513.
References: [CVE-2012-4703]

Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23.
References: [CVE-2012-5345]

Hospira Lifecare PCA infusion pump running "SW ver 412" does not require authentication for Telnet sessions, which allows remote attackers to gain root privileges via TCP port 23.
References: [CVE-2015-3459]

Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.
References [CVE-2015-8286]

Hughes satellite modems contains default telnet service (port 23) account credentials. A remote attacker could exploit this vulnerability to gain administrative access on affected devices.
References: [CVE-2016-9495], [XFDB-122123]

An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.
References: [CVE-2018-12072]

Telestar Digital GmbH Imperial and Dabman Series I and D could allow a remote attacker to gain elevated privileges on the system, caused by the use of weak passwords with hardcoded credentials in an undocumented Telnet service (Telnetd) that connects to Port 23. A remote attacker could exploit this vulnerability to gain root access to the gadgets' embedded Linux BusyBox operating system.
References: [CVE-2019-13473], [XFDB-166724]

Multiple C-Data OLT devices are vulnerable to a denial of service, caused by a shawarma attack. By sending random bytes to the telnet server on port 23, a remote attacker could exploit this vulnerability to cause the device to reboot.
References: [CVE-2020-29057], [XFDB-192290]

An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials.
References: [CVE-2021-27165]

TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
References: [CVE-2021-37555]

Backdoor.Win32.Agent.oj / Unauthenticated Remote Command Execution - unauthenticated Remote Command Execution Description: The malware listens on TCP port 23, upon connection to an infected host third-party attackers get handed a remote shell.
References: [MVID-2021-0197]

Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials - the malware listens on TCP port 23. Authentication is required, however the credentials test:test are weak and hardcoded within the PE file.
References: [MVID-2022-0568]
23 udp games Dungeon Siege II SG
23 tcp Telnet protocol - unencrypted text communications (official) Wikipedia
23 tcp trojan ADM worm, Aphex's Remote Packet Sniffer , AutoSpY, ButtMan, Fire HacKer, My Very Own trojan, Pest, RTB 666, Tiny Telnet Server - TTS, Truva Atl Trojans
23 tcp,udp applications TELNET Portforward
23 tcp ADMworm [trojan] ADM worm Neophasis
23 tcp FireHacKer [trojan] Fire HacKer Neophasis
23 tcp MyVeryOwntrojan [trojan] My Very Own trojan Neophasis
23 tcp RTB666 [trojan] RTB 666 Neophasis
23 tcp TelnetPro [trojan] Telnet Pro Neophasis
23 tcp TinyTelnetServer [trojan] Tiny Telnet Server - TTS Neophasis
23 tcp TruvaAtl [trojan] Truva Atl Neophasis
23 tcp threat Dagonit Bekkoame
23 tcp threat Fire HacKer Bekkoame
23 tcp threat MindControl Bekkoame
23 tcp threat Tiny Telnet Server - TTS Bekkoame
23 tcp threat Truva Atl Bekkoame
23 tcp,udp telnet Telnet [RFC854] IANA
18 records found
jump to:
previous next

Related ports: 161  513  1953  2323  9000  27378  26  73  230  

« back to SG Ports

External Resources
SANS Internet Storm Center: port 23

Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.

TCP ports use the Transmission Control Protocol, the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication/delivery is the key difference between TCP and UDP.

UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol) and facilitates the transmission of datagrams from one computer to applications on another computer, but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received the message to process any errors and verify correct delivery. UDP is often used with time-sensitive applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.

When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them. This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command. We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software. For more detailed and personalized help please use our forums.

Please use the "Add Comment" button below to provide additional information or comments about port 23.
  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About