Mbedthis AppWeb HTTP server prior to 1.0.2 allows remote malicious users to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.