CVE-2026-4606— GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4606
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege
Source: NVD (National Vulnerability Database)
Vulnerability Description
GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. Any ERM function invoking Windows file open/save dialogs exposes the same risk. This vulnerability allows local privilege escalation and may result in full system compromise.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
带着不必要的权限执行
Source: NVD (National Vulnerability Database)
Vulnerability Title
GeoVision GV Edge Recording Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GeoVision GV Edge Recording Manager是中国GeoVision公司的一个用于管理和监控视频录制设备的软件。 GeoVision GV Edge Recording Manager 2.3.1版本存在安全漏洞,该漏洞源于以SYSTEM权限运行应用组件,可能导致本地权限提升和系统完全被控制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| GeoVision | GV-Edge Recording Manager | 2.3.1 | - |
II. Public POCs for CVE-2026-4606
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4606
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: GeoVision
- CVE-2021-47795
GeoVision Geowebserver 5.3.3 - Local FIle Inclusion - CVE-2024-12553
GeoVision GV-ASManager Missing Authorization Information Dis - CVE-2024-11120
GeoVision EOL devices - OS Command Injection - CVE-2024-6047
GeoVision EOL device - OS Command Injection - CVE-2020-3931
GeoVision Door Access Control Device - Buffer overflow vulne
Same weakness: CWE-250
- CVE-2026-42088
OpenC3 COSMOS: Administrative Actions via the Script Runner - CVE-2026-40550
Privilege Escalation in mpGabinet - CVE-2026-25908
Dell Alienware Command Center 安全漏洞 - CVE-2026-4667
HP System Optimizer - Escalation of Privilege - CVE-2026-33793
Junos OS and Junos OS Evolved: When an unsigned Python op sc
V. Comments for CVE-2026-4606
No comments yet