CVE-2026-4606

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 10,0

Source: 0df08a0e-a200-4957-9bb0-084f562506f9

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.

During installation, ERM creates a Windows service that runs under the LocalSystem account.

When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.

Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.

Any ERM function invoking Windows file open/save dialogs exposes the same risk.

This vulnerability allows local privilege escalation and may result in full system compromise.

250

Execution with Unnecessary Privileges

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Access Control

Potential Impacts:

Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Read Application Data Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: Mobile

Likelihood of Exploit: Medium

View CWE Details

https://www.geovision.com.tw/cyber_security.php

CVE-2026-4606

Description

Execution with Unnecessary Privileges

Common Consequences

Applicable Platforms

Iscriviti alla newsletter