CVE-2026-4606

EUVD-2026-14346

23.03.2026, 02:16

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.

During installation, ERM creates a Windows service that runs under the LocalSystem account.

When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.

Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.

Any ERM function invoking Windows file open/save dialogs exposes the same risk.

This vulnerability allows local privilege escalation and may result in full system compromise.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-250 - Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References

https://https://www.geovision.com.tw/cyber_security.php