There is a format string vulnerability in Tftpd32 software. When the Tftpd server returns a string containing a specific format, the Tftpd32 client processes this string and displays it in an error message, triggering the vulnerability. This may be leveraged to perform remote command execution and denial of service attacks.
129ac1ce08dc48d6f6e5cda682240d0878e3ec98aa003011b5bd7848a62ed8a7