CVE-2026-4606

EPSS 0.06%
Veröffentlicht 23.03.2026 01:05:31
Zuletzt bearbeitet 23.03.2026 14:31:37
Quelle 0df08a0e-a200-4957-9bb0-084f56
CVE-Watchlists
Login
Unerledigt
Login

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. 

During installation, ERM creates a Windows service that runs under the LocalSystem account. 

When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. 

Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. 

Any ERM function invoking Windows file open/save dialogs exposes the same risk. 

This vulnerability allows local privilege escalation and may result in full system compromise.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerGeoVision

≫

Produkt GV-Edge Recording Manager

Default Statusunaffected

Version 2.3.1

Status affected

Version 2.3.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.178

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
0df08a0e-a200-4957-9bb0-084f562506f9	10	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:I/V:C/RE:M/U:Green

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://https://www.geovision.com.tw/cyber_security.php

https://nvd.nist.gov/vuln/detail/CVE-2026-4606

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4606

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4606

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-4606