The host is installed with Sunway ForceControl 6.1 SP1, SP2, or SP3 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in httpsvr.exe, which fails to validate user supplied input. Successful exploitation could allow attackers to execute arbitrary code or crash the service.