cbcvebase.
CVE-2011-10032
published 2025-08-30

CVE-2011-10032: Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port…

PriorityP267critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
1.27%
66.2th percentile
Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0x57 with an overly long payload. Due to improper bounds checking during packet parsing, attacker-controlled data overwrites the Structured Exception Handler (SEH), allowing arbitrary code execution in the context of the service. This vulnerability can be exploited remotely without authentication and may lead to full system compromise on affected Windows hosts.

Affected

1 ranges
VendorProductVersion rangeFixed in
sunwayforcecontrol<= 6.1 SP3

Detection & IOCsextracted from sources · hover to see the quote

portTCP/2001
commandopcode 0x57
processNetDBServer.exe
  • Monitor for inbound TCP connections to port 2001 targeting the Sunway ForceControl SNMP NetDBServer service; flag any packets containing opcode 0x57 with anomalously long payloads as potential exploitation attempts.
  • Alert on SEH (Structured Exception Handler) chain overwrites in the context of NetDBServer.exe, which is indicative of successful exploitation of this stack-based buffer overflow.
  • Flag unauthenticated remote connections to TCP/2001 on Windows SCADA hosts running Sunway ForceControl 6.1 SP3 or earlier, as exploitation requires no credentials.
  • ·The vulnerable service (SNMP NetDBServer) listens on TCP port 2001; network-level blocking or firewall rules restricting access to this port will mitigate remote exploitation.
  • ·Only Sunway ForceControl versions 6.1 SP3 and earlier are confirmed vulnerable; verify installed version before deploying detections to avoid false positives on patched systems.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.