CVE-2019-8575

7.5 HIGH

📋 TL;DR

CVE-2019-8575 is a data deletion vulnerability in Apple AirPort base stations where performing a factory reset may not properly erase all user information. This affects users of Apple AirPort base stations who attempt to reset their devices before disposal or transfer. The vulnerability could allow subsequent users or attackers to access residual sensitive data.

💻 Affected Systems

Products:
  • Apple AirPort Base Station
Versions: Prior to 7.8.1 and 7.9.1
Operating Systems: AirPort Base Station Firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all AirPort base station models that support these firmware versions. The vulnerability exists in the factory reset functionality itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive user data (network credentials, personal information) remains accessible to unauthorized individuals who obtain the device after reset, potentially leading to identity theft or network compromise.

🟠 Likely Case

Previous owner's Wi-Fi credentials and basic configuration data remain on the device, allowing new owners to access the previous network or gather personal information.

🟢 If Mitigated

If proper firmware updates are applied before resetting, all user data is properly erased during factory reset procedures.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires physical access to the device after a factory reset has been performed. No authentication bypass or remote exploitation is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AirPort Base Station Firmware Update 7.8.1 and 7.9.1

Vendor Advisory: https://support.apple.com/en-us/HT210090

Restart Required: Yes

Instructions:

1. Open AirPort Utility on macOS or iOS.
2. Select your AirPort base station.
3. Click 'Edit' then 'Update' to check for firmware updates.
4. Apply firmware update 7.8.1 or 7.9.1.
5. The base station will restart automatically after update.

🔧 Temporary Workarounds

Manual Data Wipe Before Reset

Manually delete all network configurations and user data through AirPort Utility before performing a factory reset.

🧯 If You Can't Patch

  • Physically destroy storage components before device disposal
  • Use third-party data wiping tools specifically designed for network hardware

🔍 How to Verify

Check if Vulnerable:

Check firmware version in AirPort Utility. If version is earlier than 7.8.1 or 7.9.1, the device is vulnerable.

Check Version:

Open AirPort Utility, select the base station, and check the firmware version in the device information.

Verify Fix Applied:

Verify firmware version shows 7.8.1 or 7.9.1 in AirPort Utility after update.

📡 Detection & Monitoring

Log Indicators:

  • Factory reset events in device logs without corresponding firmware update logs

Network Indicators:

  • Unauthorized devices connecting with previous owner's credentials

SIEM Query:

No standard SIEM query available as this is primarily a physical device issue
