CWE-291
Reliance on IP Address for Authentication
Description
The product uses an IP address for authentication.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-4
CVEs mapped to this weakness (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4252 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 16, 2026 | A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on IP address for authentication. It is possible to initiate the attack remotely. The exploit is… |
| CVE-2025-59101 | — | Hig | 0.50 | — | 0.01 | | Jan 26, 2026 | Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other… |
| CVE-2026-3690 | | Hig | 0.41 | 7.4 | 0.01 | | Apr 11, 2026 | OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of… |