Obviously there's no way to protect a password sent as plain text over an unencrypted channel. Whatever the telnet client might do to hide it, you can simply tap the communication channel and read it.
There are some (more or less unusual telnet) extension providing encrypted authentication, these days SSH is the way to go. So if your embedded device supports SSH, there might be a way hide to the authentication information, at least from unexperienced users.