PatchSiren cyber security CVE debrief
CVE-2021-47945 Exploit Db CVE debrief
CVE-2021-47945 describes a local privilege escalation issue in Argus Surveillance DVR 4.0. The DVRWatchdog service uses an unquoted service path, which can allow a local attacker to influence which executable starts when the service is launched. In the supplied description, that can lead to attacker-controlled code running with LocalSystem privileges. The provided NVD record was published/modified on 2026-05-10 and cites VulnCheck advisory material and an Exploit-DB reference.
- Vendor
- Exploit Db
- Product
- Unknown
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-10
- Original CVE updated
- 2026-05-10
- Advisory published
- 2026-05-10
- Advisory updated
- 2026-05-10
Who should care
Administrators and security teams responsible for Argus Surveillance DVR 4.0, especially on Windows hosts where local user access is possible. Endpoint defenders should care because this is a local privilege escalation path that can turn a low-privilege foothold into LocalSystem.
Technical summary
The vulnerability is an unquoted service path issue affecting the DVRWatchdog service in Argus Surveillance DVR 4.0. Because the service binary path is not quoted, Windows service startup can resolve the path incorrectly and execute a malicious program placed by a local attacker in a searched path location. The source corpus identifies this as CWE-428 and rates the issue with a high-severity CVSS v4.0 vector consistent with local attack requirements and high impact on confidentiality, integrity, and availability.
Defensive priority
High for any environment running Argus Surveillance DVR 4.0, particularly systems where local interactive access, shared accounts, or weak endpoint controls exist. Treat as a straightforward privilege-escalation exposure that should be remediated quickly.
Recommended defensive actions
- Verify whether Argus Surveillance DVR 4.0 is installed on any Windows system in your environment.
- Inspect the DVRWatchdog service configuration for an unquoted binary path.
- Apply vendor remediation or update guidance if available from the product owner or advisory source.
- Restrict local write access on affected systems, especially in directories that could be used for service-path abuse.
- Harden endpoint monitoring for unexpected executables appearing in privileged path locations.
- Review local administrator and standard-user access paths on machines hosting the DVR service.
Evidence notes
The supplied source corpus states that Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in DVRWatchdog that can enable local privilege escalation to LocalSystem. The NVD metadata marks the vulnerability status as Received, lists CWE-428, and includes references to a VulnCheck advisory and an Exploit-DB entry. The provided CVSS v4.0 vector indicates a local, low-privilege attack with high impact.
Official resources
In the supplied record, the CVE entry was published and last modified on 2026-05-10. That date reflects record timing in the source corpus, not necessarily the original weakness introduction or exploitation date.