TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

CHANGING Information Technology IDExpert - OS Command Injection

TVN ID: TVN-202410026
CVE ID: CVE-2024-10653
CVSS: 7.2 (High), CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products: IDExpert from version 2.6.1 to 2.8.1.240620.
Description: IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server.
Solution: Update to version 2.8.1.240731 or later. It is also recommended to enable the 'Connection IP Whitelist' feature on the administrator interface to reduce the risk of attack.
Credit: yc, Xin-Yue Song (CHT Security)
Public Date: 2024-10-31