CVE-2021-47945

HIGH

Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47945. PoCs published by Salman Asad.

AI-analyzed exploit summary This exploit demonstrates an unquoted service path vulnerability in Argus Surveillance DVR 4.0, where the service path contains spaces and is not enclosed in quotes, allowing for potential privilege escalation via path manipulation.

Description

Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem privileges when the service starts.

Exploits (1)

exploitdb WORKING POC
by Salman Asad · textlocalwindows
https://www.exploit-db.com/exploits/50261

This exploit demonstrates an unquoted service path vulnerability in Argus Surveillance DVR 4.0, where the service path contains spaces and is not enclosed in quotes, allowing for potential privilege escalation via path manipulation.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Argus Surveillance DVR 4.0
Auth required
Prerequisites: Service must be configured to start on Windows startup · Local access to the system
devstral-2 · analyzed May 10, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit exploit
ExploitDB-50261
https://www.exploit-db.com/exploits/50261
Third Party Advisory third-party-advisory
VulnCheck Advisory: Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation
https://www.vulncheck.com/advisories/argus-surveillance-dvr-unquoted-service-path-privilege-escalation

Scores

CVSS v3 7.8
EPSS 0.0011
EPSS Percentile 1.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
argus/Argus Surveillance DVR Argus Surveillance DVR 4.0
Published May 10, 2026
Tracked Since May 10, 2026