What they're not telling you: # RESETTING A ROUTER BEFORE SALE MAY NOT ERASE WHAT'S STORED INSIDE A Reddit user's straightforward question about selling used networking equipment reveals a gap between what consumers believe a factory reset accomplishes and what cybersecurity researchers have documented actually remains on the device afterward. The question posed on r/privacy cuts to the heart of a practical security concern: when someone resets a router, access point, or network switch to factory defaults before selling it, does that truly wipe sensitive data? The questioner wants to know whether a simple reset is sufficient or whether they should reflash the device's firmware and overwrite partitions—suggesting uncertainty about what information persists after standard reset procedures.

What the Documents Show

This uncertainty reflects a documented technical reality that rarely surfaces in consumer documentation. Networking devices—routers, wireless access points, and managed switches—store configuration data beyond just user-facing settings. That data can include WiFi passwords, DHCP lease information, DNS query logs, SNMP community strings, MAC address tables, ARP caches, and in some cases, records of connected devices and their traffic patterns. A factory reset typically restores manufacturer defaults but doesn't necessarily purge all historical data from device memory or storage. The distinction matters because different manufacturers implement reset functions differently.

🔎 Mainstream angle
The corporate press either ignored this story entirely or buried it in a 3-sentence brief. The framing, when it appeared at all, focused on process rather than impact.

Follow the Money

Some devices use volatile RAM, where data disappears on power-off; others write configuration and logs to flash memory or EEPROM chips that persist across resets. The user's instinct to ask about reflashing firmware—overwriting the lowest-level software—suggests awareness that a GUI-level reset may not reach the hardware level where persistent data actually resides. Mainstream consumer guidance typically tells users that a factory reset is sufficient before resale. Manufacturers' own documentation generally emphasizes the reset button without detailing what data classes remain accessible post-reset. This gap between perceived and actual data erasure is where practical risk exists. A second-hand buyer with technical skills and physical access to a device could potentially recover configuration files, routing tables, or traffic metadata that a previous owner believed had been erased.

What Else We Know

The question also implies a second concern: whether switches and access points present distinct risks compared to consumer routers. Layer-2 and Layer-3 network infrastructure often logs more granular traffic data than residential routers. A managed switch might retain MAC address tables and VLAN configurations; an enterprise access point might cache authentication logs or device-pairing records. These aren't always obvious to non-technical sellers preparing equipment for resale. What the questioner is really asking—and what public guidance largely doesn't address—is whether the reset process defined by the device manufacturer is sufficient from a data-sanitization perspective, or whether additional steps are necessary to prevent forensic recovery. The lack of standardized, transparent information from manufacturers about what actually gets erased and what persists represents a gap between consumer expectation and technical reality.

Primary Sources

  • Source: r/privacy
  • Category: Unexplained
  • Cross-reference independently — don't take our word for it.
What are they not saying?
Who benefits from this story staying buried? Follow the regulatory filings, the court dockets, and the FOIA releases. The truth is in the paperwork — it always is.

Disclosure: NewsAnarchist aggregates from public records, API feeds (Federal Register, CourtListener, MuckRock, Hacker News), and independent media. AI-assisted synthesis. Always verify primary sources linked above.