CWE-291(Reliance on IP Address for Authentication)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product uses an IP address for authentication.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-3690 | 2026-04-10 | OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploi… |
| CVE-2026-4252 | 2026-03-16 | A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authen… |
| CVE-2025-66602 | 2026-02-08 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes int… |
| CVE-2025-59101 | 2026-01-26 | Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain s… |
| CVE-2025-34202 | 2025-09-19 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attac… |
| CVE-2024-23309 | 2024-10-30 | The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an… |
| CVE-2024-32765 | 2024-08-12 | A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via… |
| CVE-2023-7211 | 2024-01-07 | A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to relia… |
| CVE-2023-35906 | 2023-09-04 | IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. |
| CVE-2022-46415 | 2023-03-27 | DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the devi… |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Description, Other_Notes |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences, Demonstrative_Examples |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Demonstrative_Examples, Relationships |
| 2013-06-23 | CWE Content Team | 2.5 | Critical | Changed type from composite to weakness. |
| 2013-07-17 | CWE Content Team | 2.5 | — | updated Applicable_Platforms, Description, Name, Relationships, Type |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Causal_Nature, Demonstrative_Examples, Modes_of_Introduction, Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated References, Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2023-10-26 | CWE Content Team | 4.13 | — | updated Observed_Examples, References |
| 2025-04-03 | CWE Content Team | 4.17 | — | updated Relationships |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships |