Release Date: 2025/03/23
Advisory ID
GV-ERM-2026-03-01
CVE ID
CVE-2026-4606
Affected Product
GV-Edge Recording Manager V2.3.1.0 or earlier
Security Issue
GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.
During installation, ERM creates a Windows service that runs under the Local System account. When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.
Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. Any ERM function invoking Windows file open/save dialogs exposes the same risk.
This vulnerability allows local privilege escalation and may result in full system compromise.
Resolution
Reported vulnerability has been resolved with software update GV-Edge Recording Manager V2.3.2.0 and later versions which are available to download from GeoVision’s official download page at: https://www.geovision.com.tw/download/p ... 20Version)
If you have any questions or concerns in regards the cybersecurity issue, please contact our cybersecurity team: security@geovision.com.tw.