Intrusion Prevention



A vulnerability has been identified in TFTPD32, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a format string error when processing a specially crafted GET request containing a malformed filename, which could be exploited by attackers to crash a vulnerable application and possibly execute arbitrary code.

Affected Products

TFTPD32 version 2.81 and prior.


Denial of service

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References