By using vulnerability in telnet: protocol handling it's possible to add -f option to telnet command line. help: protocol handler allows scripts execution via help: command.
vulners.com/securityvulns/securityvulns:doc:6219
vulners.com/securityvulns/securityvulns:doc:6221
vulners.com/securityvulns/securityvulns:doc:6225
vulners.com/securityvulns/securityvulns:doc:6258