CWE-291 10 個 CVE MITRE 定義 ↗

CWE-291:Reliance on IP Address for Authentication

概覽

CWE-291(Reliance on IP Address for Authentication)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product uses an IP address for authentication.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-3690 2026-04-10 OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploi…
CVE-2026-4252 2026-03-16 A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authen…
CVE-2025-66602 2026-02-08 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes int…
CVE-2025-59101 2026-01-26 Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain s…
CVE-2025-34202 2025-09-19 Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attac…
CVE-2024-23309 2024-10-30 The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an…
CVE-2024-32765 2024-08-12 A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via…
CVE-2023-7211 2024-01-07 A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to relia…
CVE-2023-35906 2023-09-04 IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
CVE-2022-46415 2023-03-27 DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the devi…

曾用名

  • Trusting Self-reported IP Address (2013-07-17)

內容提交

名稱
CLASP
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2010-02-16 CWE Content Team 1.8 updated Description, Other_Notes
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Demonstrative_Examples
2012-05-11 CWE Content Team 2.2 updated Demonstrative_Examples, Relationships
2013-06-23 CWE Content Team 2.5 Critical Changed type from composite to weakness.
2013-07-17 CWE Content Team 2.5 updated Applicable_Platforms, Description, Name, Relationships, Type
2014-02-18 CWE Content Team 2.6 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Causal_Nature, Demonstrative_Examples, Modes_of_Introduction, Relationships
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples, References
2025-04-03 CWE Content Team 4.17 updated Relationships
2025-12-11 CWE Content Team 4.19 updated Relationships
cvelogic Threat Intelligence