Mentioned by hdm here and here but I wanted to make a note of this myself. First thing to do is setup the scan to look for vulnerable telnetd services:

12345msf > use auxiliary/scanner/telnet/telnet_encrypt_overflow msf  auxiliary(telnet_encrypt_overflow) > set RHOSTS RHOSTS => msf  auxiliary(telnet_encrypt_overflow) > set THREADS 64 THREADS => 64

And now to run the scan

123456789101112131415msf  auxiliary(telnet_encrypt_overflow) > run [*] Does not support encryption: Netgear Embedded… Continue reading