CVE-2021-47945 PUBLISHED

Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation

Assigner: VulnCheck
Reserved: 01.02.2026 Published: 10.05.2026 Updated: 10.05.2026

Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem privileges when the service starts.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Product Status

Vendor argus
Product Argus Surveillance DVR
Versions
  • Version Argus Surveillance DVR 4.0 is affected

Credits

  • Salman Asad (@deathflash1411) a.k.a LeoBreaker finder

References

Problem Types

  • Unquoted Search Path or Element CWE