QwikSec

Security Database

CVE

CWE

Training

CVE-2011-10032

Published: Aug 30, 2025

Modified: May 15, 2026

PUBLISHED

Description

Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0x57 with an overly long payload. Due to improper bounds checking during packet parsing, attacker-controlled data overwrites the Structured Exception Handler (SEH), allowing arbitrary code execution in the context of the service. This vulnerability can be exploited remotely without authentication and may lead to full system compromise on affected Windows hosts.

Vendor	Product	Versions
Sunway	ForceControl	affected `0 - <= 6.1 SP3`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/scada/sunway_force_control_netdbsrv.rb

exploit

https://www.exploit-db.com/exploits/18448

exploit

https://www.fortiguard.com/encyclopedia/ips/29449

third-party-advisory

http://aluigi.altervista.org/adv/forcecontrol_1-adv.txt

technical-description

exploit

http://www.sunwayland.com/

product

https://web.archive.org/web/20110611043512/http://www.sunwayland.com.cn/pro.asp

product

https://www.vulncheck.com/advisories/sunway-forcecontrol-snmp-netdbserver-opcode

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.