Solarwinds · Solarwinds Tftp Server · CVE-2006-1951
**Name of the Vulnerable Software and Affected Versions**
SolarWinds TFTP Server versions 8.1 and earlier
**Description**
The issue allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering. This can be achieved by exploiting the directory traversal vulnerability.
**Recommendations**
For SolarWinds TFTP Server versions 8.1 and earlier, consider restricting access to the TFTP server until a patch is available. As a temporary workaround, disabling the ability to download files via GET requests may help minimize the risk of exploitation.