CWE-1301: Insufficient or Incomplete Data Removal within Hardware Component

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.

常见后果

影响范围: Confidentiality

技术影响: Read Memory Read Application Data

潜在缓解措施

阶段: Architecture and Design

描述: Apply blinding or masking techniques to implementations of cryptographic algorithms.

阶段: Implementation

描述: Alter the method of erasure, add protection of media, or destroy the media to protect the data.

观察示例

参考: CVE-2019-8575

Firmware Data Deletion Vulnerability in which a base station factory reset might not delete all user information. The impact of this enables a new owner of a used device that has been "factory-default reset" with a vulnerable firmware version can still retrieve, at least, the previous owner's wireless network name, and the previous owner's wireless security (such as WPA2) key. This issue was addressed with improved, data deletion.

引入模式

阶段	说明
Implementation	-

适用平台

编程语言

Not Language-Specific (Undetermined)

操作系统

Not OS-Specific (Undetermined)

技术

Not Technology-Specific (Undetermined)

关键信息

CWE ID: CWE-1301

抽象级别: Base

结构: Simple

状态: Incomplete

CWE-1301: Insufficient or Incomplete Data Removal within Hardware Component

弱点描述

常见后果

潜在缓解措施

观察示例

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

相关攻击模式

CWE-1301: Insufficient or Incomplete Data Removal within Hardware Component

弱点描述

常见后果

潜在缓解措施

观察示例

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

ChildOf CWE-226

相关攻击模式