CWE-1301: Insufficient or Incomplete Data Removal within Hardware Component

BaseIncomplete

The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.

View on MITRE

Back to CWE Lookup

Extended Description

Physical properties of hardware devices, such as remanence of magnetic media, residual charge of ROMs/RAMs, or screen burn-in may still retain sensitive data after a data removal process has taken place and power is removed. Recovering data after erasure or overwriting is possible due to a phenomenon called data remanence. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree such that even after the original data is erased that data can still be recovered through physical characterization of the memory cells.

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

Not OS-Specific

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-1301

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references