GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.
During installation, ERM creates a Windows service that runs under the LocalSystem account.
When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.
Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.
Any ERM function invoking Windows file open/save dialogs exposes the same risk.
This vulnerability allows local privilege escalation and may result in full system compromise.
"}],"value":"GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. \n\nDuring installation, ERM creates a Windows service that runs under the LocalSystem account. \n\nWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. \n\nFunctions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. \n\nAny ERM function invoking Windows file open/save dialogs exposes the same risk. \n\nThis vulnerability allows local privilege escalation and may result in full system compromise."}],"impacts":[{"capecId":"CAPEC-113","descriptions":[{"lang":"en","value":"CAPEC-113 Interface Manipulation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"IRRECOVERABLE","Safety":"NEGLIGIBLE","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":10,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"GREEN","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"CONCENTRATED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:I/V:C/RE:M/U:Green","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-250","description":"CWE-250 Execution with unnecessary privileges","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-23T01:15:18.367Z","orgId":"0df08a0e-a200-4957-9bb0-084f562506f9","shortName":"GV"},"references":[{"url":"https://https://www.geovision.com.tw/cyber_security.php"}],"source":{"discovery":"EXTERNAL"},"title":"GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege","x_generator":{"engine":"Vulnogram 1.0.1"}}},"cveMetadata":{"assignerOrgId":"0df08a0e-a200-4957-9bb0-084f562506f9","assignerShortName":"GV","cveId":"CVE-2026-4606","datePublished":"2026-03-23T01:05:31.952Z","dateReserved":"2026-03-23T00:46:43.918Z","dateUpdated":"2026-03-24T03:56:02.798Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-23 02:16:05","lastModifiedDate":"2026-05-19 15:22:14","problem_types":["CWE-250","CWE-250 CWE-250 Execution with unnecessary privileges"],"metrics":{"cvssMetricV40":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:I/V:C/RE:M/U:Green","baseScore":10,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"IRRECOVERABLE","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"4606","Ordinal":"1","Title":"GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Leve","CVE":"CVE-2026-4606","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"4606","Ordinal":"1","NoteData":"GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. \n\nDuring installation, ERM creates a Windows service that runs under the LocalSystem account. \n\nWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. \n\nFunctions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. \n\nAny ERM function invoking Windows file open/save dialogs exposes the same risk. \n\nThis vulnerability allows local privilege escalation and may result in full system compromise.","Type":"Description","Title":"GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Leve"}]}}}