A vulnerability has been identified in TFTPD32, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a format string error when processing a specially crafted GET request containing a malformed filename, which could be exploited by attackers to crash a vulnerable application and possibly execute arbitrary code.
TFTPD32 version 2.81 and prior.
Denial of service
Currently we are not aware of any vendor-supplied patches for this issue.