Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Sunway ForceControl Stack-Based Buffer Overflow Vulnerability in SNMP NetDBServer Service
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the SNMP NetDBServer service of Sunway ForceControl, affecting versions through 6.1 SP3. The vulnerability arises from improper bounds checking during packet parsing, which allows attacker-controlled data to overwrite the Structured Exception Handler (SEH). Exploitation can lead to arbitrary code execution in the context of the service. The vulnerability is present on Windows platforms and can be exploited remotely without authentication, potentially resulting in full system compromise.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system, with the executed code running in the context of the vulnerable service. This could lead to a complete system compromise.
Reproduction
The vulnerability can be reproduced by sending a specially crafted SNMP packet to the NetDBServer service on TCP port 2001. The packet must include an overly long payload that exploits the buffer overflow by overwriting the Structured Exception Handler. This can be done using a custom script or a tool that allows for the manipulation of SNMP packets, such as the Metasploit Framework.
