CVE-2026-4606

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. Any ERM function invoking Windows file open/save dialogs exposes the same risk. This vulnerability allows local privilege escalation and may result in full system compromise.

CVSS

No CVSS.

References

Link	Resource
https://https://www.geovision.com.tw/cyber_security.php

Configurations

No configuration.

History

19 May 2026, 15:22

Type	Values Removed	Values Added
Summary		(es) GV Edge Recording Manager (ERM) v2.3.1 ejecuta incorrectamente los componentes de la aplicación con privilegios de nivel SYSTEM, permitiendo a cualquier usuario local obtener control total del sistema operativo. Durante la instalación, ERM crea un servicio de Windows que se ejecuta bajo la cuenta LocalSystem. Cuando se inicia la aplicación ERM, se generan procesos relacionados bajo privilegios SYSTEM en lugar del contexto de seguridad del usuario que ha iniciado sesión. Funciones como 'Importar Datos' abren un cuadro de diálogo de archivos de Windows que opera con permisos SYSTEM, lo que permite la modificación o eliminación de archivos y directorios del sistema protegidos. Cualquier función de ERM que invoque cuadros de diálogo de abrir/guardar archivos de Windows expone el mismo riesgo. Esta vulnerabilidad permite la escalada de privilegios local y puede resultar en un compromiso total del sistema.

23 Mar 2026, 02:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-23 02:16

Updated : 2026-05-19 15:22

NVD link : CVE-2026-4606

Mitre link : CVE-2026-4606

CVE.ORG link : CVE-2026-4606

JSON object : View

Products Affected

No product.

CWE

CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2026-4606", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "0df08a0e-a200-4957-9bb0-084f562506f9", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "IRRECOVERABLE", "baseScore": 10.0, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:I/V:C/RE:M/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-23T02:16:05.213", "references": [{"url": "https://https://www.geovision.com.tw/cyber_security.php", "source": "0df08a0e-a200-4957-9bb0-084f562506f9"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "0df08a0e-a200-4957-9bb0-084f562506f9", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.\u00a0\n\nDuring installation, ERM creates a Windows service that runs under the LocalSystem account.\u00a0\n\nWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.\u00a0\n\nFunctions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.\u00a0\n\nAny ERM function invoking Windows file open/save dialogs exposes the same risk.\u00a0\n\nThis vulnerability allows local privilege escalation and may result in full system compromise."}, {"lang": "es", "value": "GV Edge Recording Manager (ERM) v2.3.1 ejecuta incorrectamente los componentes de la aplicaci\u00f3n con privilegios de nivel SYSTEM, permitiendo a cualquier usuario local obtener control total del sistema operativo.\n\nDurante la instalaci\u00f3n, ERM crea un servicio de Windows que se ejecuta bajo la cuenta LocalSystem.\n\nCuando se inicia la aplicaci\u00f3n ERM, se generan procesos relacionados bajo privilegios SYSTEM en lugar del contexto de seguridad del usuario que ha iniciado sesi\u00f3n.\n\nFunciones como 'Importar Datos' abren un cuadro de di\u00e1logo de archivos de Windows que opera con permisos SYSTEM, lo que permite la modificaci\u00f3n o eliminaci\u00f3n de archivos y directorios del sistema protegidos.\n\nCualquier funci\u00f3n de ERM que invoque cuadros de di\u00e1logo de abrir/guardar archivos de Windows expone el mismo riesgo.\n\nEsta vulnerabilidad permite la escalada de privilegios local y puede resultar en un compromiso total del sistema."}], "lastModified": "2026-05-19T15:22:14.957", "sourceIdentifier": "0df08a0e-a200-4957-9bb0-084f562506f9"}