从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 漏洞编号: - TVN ID: TVN-202410026 - CVE ID: CVE-2024-10653 2. CVSS评分: - CVSS: 7.2 (High) - CVSS详细评分:AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 3. 受影响的产品: - IDEXpert from version 2.6.1 to 2.8.1.240620 4. 描述: - IDEXpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. 5. 解决方案: - Update to version 2.8.1.240731 or later, and it is recommended to enable the 'Connection IP Whitelist' feature on the administrator interface to reduce the risk of attack. 6. 信用: - yc, Xin-Yue Song (CHT Security) 7. 公开日期: - 2024-10-31 8. 链接: - 1. CVE-2024-10653 - 2. 中華資安公告 - 3. CHT Security Advisory 这些信息详细描述了漏洞的严重性、受影响的产品、漏洞的描述、解决方案以及相关的链接。