Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1301 — Vulnerability Class 2

2 vulnerabilities classified as CWE-1301. AI Chinese analysis included.

CWE-1301 represents a critical data sanitization weakness where hardware components fail to completely erase sensitive information, leaving residual data recoverable through physical analysis. This vulnerability is typically exploited by attackers who physically access discarded or stolen devices, leveraging techniques such as magnetic force microscopy, voltage contrast imaging, or thermal analysis to reconstruct erased data from magnetic remanence, residual charges in RAM, or screen burn-in artifacts. Developers mitigate this risk by implementing rigorous, multi-pass overwriting protocols specifically designed for the underlying storage medium’s physical characteristics. Furthermore, integrating hardware-level encryption with secure key destruction ensures that even if raw data remains, it remains cryptographically inaccessible. Regular validation of sanitization procedures and adherence to standards like NIST SP 800-88 are essential to guarantee that no recoverable traces of sensitive information persist after device decommissioning or maintenance.

MITRE CWE Description
The product's data removal process does not completely delete all data and potentially sensitive information within hardware components. Physical properties of hardware devices, such as remanence of magnetic media, residual charge of ROMs/RAMs, or screen burn-in may still retain sensitive data after a data removal process has taken place and power is removed. Recovering data after erasure or overwriting is possible due to a phenomenon called data remanence. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree such that even after the original data is erased that data can still be recovered through physical characterization of the memory cells.
Common Consequences (1)
ConfidentialityRead Memory, Read Application Data
Mitigations (2)
Architecture and DesignApply blinding or masking techniques to implementations of cryptographic algorithms.
ImplementationAlter the method of erasure, add protection of media, or destroy the media to protect the data.
CVE IDTitleCVSSSeverityPublished
CVE-2025-29946 AMD EPYC 安全漏洞 — AMD EPYC™ 9005 Series Processors 4.4AIMediumAI2026-02-10
CVE-2025-12216 Malicious / Malformed App can be Installed but not Uninstalled — BLU-IC2 7.5 -2025-10-25

Vulnerabilities classified as CWE-1301 represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.