CVE-2011-10032
CRITICALSunway ForceControl <6.1 SP3 - Buffer Overflow
Title source: llmDescription
Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0x57 with an overly long payload. Due to improper bounds checking during packet parsing, attacker-controlled data overwrites the Structured Exception Handler (SEH), allowing arbitrary code execution in the context of the service. This vulnerability can be exploited remotely without authentication and may lead to full system compromise on affected Windows hosts.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18448
metasploit
WORKING POC
GREAT
by Luigi Auriemma, Rinat Ziyayev · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/sunway_force_control_netdbsrv.rb
References (7)
Scores
CVSS v4
9.3
EPSS
0.6484
EPSS Percentile
98.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (1)
Sunway/ForceControl
< 6.1 SP3
Published
Aug 30, 2025
Tracked Since
Feb 18, 2026