CWE-1330: Remanent Data Readable after Memory Erase
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
Confidential information stored in memory circuits is readable or recoverable after being cleared or erased.
常见后果
影响范围: Confidentiality
技术影响: Modify Memory Read Memory
说明: Confidential data are readable to untrusted agent.
潜在缓解措施
阶段: Architecture and Design
检测方法
方法: Architecture or Design Review
方法: Dynamic Analysis with Manual Results Interpretation
观察示例
参考: CVE-2019-8575
Firmware Data Deletion Vulnerability in which a base station factory reset might not delete all user information. The impact of this enables a new owner of a used device that has been "factory-default reset" with a vulnerable firmware version can still retrieve, at least, the previous owner's wireless network name, and the previous owner's wireless security (such as WPA2) key. This issue was addressed with improved, data deletion.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
适用平台
编程语言
操作系统
技术
关键信息
CWE ID: CWE-1330
抽象级别: Variant
结构: Simple
状态: Draft