TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote malicious users to cause a denial of service (application crash) via a GET request containing an MS-DOS device name.
3com 3cdaemon 2.0