Gv Edge Recording Manager
Approved changes feed: RSS · Atom
cpe:2.3:a:geovision:gv-edge_recording_manager:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Geovision (417a3123-680c-5577-a6ff-fdce08f8be70) |
|---|---|
| Product | Gv Edge Recording Manager (d03adb81-1a3f-50bb-80ea-df3a3416a3f6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-4606 |
vulnerable | 2026-06-03 15:26:25.758086 |
GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege
GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.
During installation, ERM creates a Windows service that runs under the LocalSystem account.
When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.
Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.
Any ERM function invoking Windows file open/save dialogs exposes the same risk.
This vulnerability allows local privilege escalation and may result in full system compromise.
Published: 2026-03-23T01:05:31.952Z
Updated: 2026-03-24T03:56:02.798Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.