CVE-2026-4606

GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege

Assigner: GV
Reserved: 23.03.2026 Published: 23.03.2026 Updated: 23.03.2026

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.

During installation, ERM creates a Windows service that runs under the LocalSystem account.

When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.

Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.

Any ERM function invoking Windows file open/save dialogs exposes the same risk.

This vulnerability allows local privilege escalation and may result in full system compromise.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:I/V:C/RE:M/U:Green
CVSS Score: 10

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	High	Availability	High
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	GeoVision
Product	GV-Edge Recording Manager
Versions	Default: unaffected Version 2.3.1 is affected Version 2.3.2 is unaffected

Vendor

GeoVision

Product

GV-Edge Recording Manager

Versions

Default: unaffected

Version 2.3.1 is affected
Version 2.3.2 is unaffected

Credits

Reported by security researcher Chao Liu (chaoliu@rbbusa.com) finder

References

Problem Types

CWE-250 Execution with unnecessary privileges CWE

Impacts

CAPEC-113 Interface Manipulation