CWE-1301Insufficient or Incomplete Data Removal within Hardware Component

PUBLISHEDweakness record
released 2020-08-20 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1301
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2020-08-20
更新日期:
2025-12-11

名称

Insufficient or Incomplete Data Removal within Hardware Component

描述

The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.

Physical properties of hardware devices, such as remanence of magnetic media, residual charge of ROMs/RAMs, or screen burn-in may still retain sensitive data after a data removal process has taken place and power is removed. Recovering data after erasure or overwriting is possible due to a phenomenon called data remanence. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree such that even after the original data is erased that data can still be recovered through physical characterization of the memory cells.

常见后果

范围:
Confidentiality
影响:
Read Memory, Read Application Data

相关 CWE