Apple AirPort Firmware Data Deletion Vulnerability
On at least AirPort Extreme AP firmware 7.7.9 and AirPort Express firmware 7.6.9 (the newest available for each device at the time of reporting), a “factory-default” reset just moves the configuration file to a new location on the device, and the old file and up to two additional previous configurations remain accessible on the device. A new owner of a used Apple AirPort that has been “factory-default reset” with a vulnerable firmware version can still retrieve at least:
The level of access granted to the account with just an Apple ID and “infinite access token” is unknown. 2019-02-15 (+226d) – I had a conference call with Scotty of Product Security, an Airport firmware engineer, and a couple others from the privacy team at Apple, discussing disclosure and a timeline for a new firmware release.
Source: jcs.org