If moving it to another port from the OS is beyond the pale for you, your router should implement PAT (port translation) or forwarding, so that from the outside, users could connect on, say, 443 or 2323, and the router rewrites the segments to connect to your immutable port 23/tcp.

It makes no sense that IPv6 is treated differently than IPv4. If GNU telnetd is vulnerable and it's running on port 23/tcp, it will be found on IPv6. I would definitely not bind anything to listen on port 23 on any protocol, because I would expect it to become filtered shortly. Port 23 is permanently burned everywhere.

Conversely, a vintage PDP-10 telnetd is not affected by the CVE for GNU.

It is a classic rookie mistake to treat the two protocols differently, so if Tier-1 providers have done this, they must be overly optimistic, or foolish, or met with some technical obstacles, or perhaps OSI Layer 8?