PT-2025-35370 · Unknown · Sunway Forcecontrol
Published
2025-08-30
·
Updated
2025-08-30
·
CVE-2011-10032
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Sunway ForceControl versions 6.1 SP3 and earlier
Description
Sunway ForceControl versions 6.1 SP3 and earlier contain a stack-based buffer overflow in the SNMP NetDBServer service, listening on TCP port 2001. The issue occurs when the service receives a crafted packet using opcode 0x57 with an overly long payload. Improper bounds checking during packet parsing allows attacker-controlled data to overwrite the Structured Exception Handler (SEH), potentially enabling arbitrary code execution within the service context. This can be exploited remotely without authentication, potentially leading to full system compromise on affected Windows hosts.
Recommendations
Versions prior to 6.1 SP3 should be updated.
Fix
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sunway Forcecontrol