Is Selling Old Cisco Routers a Security Issue?

If you have console access to a Cisco Router you can use Cisco Password Recovery techniques to get in, then dump the cleartext config file via TFTP - you then have access to cleartext passwords, or passwords that are trivial to decrypt.

So you do need to factory reset. If you haven't got the login details for the routers (in which case you can probably get in via SSH over a network connection), then you will need to use the above techniques to get in, then issue the write erase command to drop the existing configs.


Password recovery methods for the majority of Cisco devices include the ability to access the stored configuration. While enabling service-password-encryption hashes the stored passwords, it's not bulletproof.

Further, the configuration will contain sensitive information about the architecture and addressing of your network.

To answer your question directly:

Yes, selling used Cisco routers without wiping them of your data poses a security risk.
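
To see what a buyer could read from an unwiped device, here is an added example (not part of any answer on this page) that classifies the sensitive lines in a saved IOS configuration. The sample config, the category names and the function names are constructed for illustration.

```python
import re

# Constructed sample lines in IOS config syntax (not from a real device).
SAMPLE_CONFIG = """\
hostname branch-rtr-01
enable secret 5 $1$EXAMPLE$0000000000000000000000
username admin password 7 000000000000
interface GigabitEthernet0/0
 ip address 10.20.30.1 255.255.255.0
snmp-server community ExampleRO RO
crypto isakmp key ExamplePSK address 192.0.2.10
line vty 0 4
 password ExamplePlain
"""

# (category, pattern) pairs; first match wins, so specific rules come first.
RULES = [
    # Type 7 is a reversible encoding, not a one-way hash.
    ("reversible-type7", re.compile(r"\b(?:password|key)\s+7\s+\S+")),
    # Type 5 is a salted MD5 hash; open to offline guessing once leaked.
    ("md5-hash-type5", re.compile(r"\bsecret\s+5\s+\S+")),
    ("snmp-community", re.compile(r"^snmp-server community\s+\S+")),
    ("vpn-preshared-key", re.compile(r"^crypto isakmp key\s+\S+")),
    ("cleartext-password", re.compile(r"\bpassword\s+(?:0\s+)?(?!7\s)\S+")),
    ("addressing", re.compile(r"^ip address\s+\d+\.\d+\.\d+\.\d+")),
    ("hostname", re.compile(r"^hostname\s+\S+")),
]

def audit(config_text):
    """Return (line_no, category, line) for every line that leaks something."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()  # sub-mode lines are indented in IOS configs
        for category, pattern in RULES:
            if pattern.search(line):
                findings.append((no, category, line))
                break
    return findings

def needs_wipe(config_text):
    """True if the saved config still holds credentials or topology data."""
    return bool(audit(config_text))

if __name__ == "__main__":
    for no, category, line in audit(SAMPLE_CONFIG):
        print(f"{no:>3}  {category:<20} {line}")
```

Any finding means the device still carries data that should be erased before it leaves your hands, and credentials that appear in the output should be rotated wherever else they are in use.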


You really need to wipe them completely as stated by various others.

Getting a Cisco console cable is easy.

Nearly any new Cisco device I have ever seen comes with one in the box. It's either a blue one with a D-sub 9-pin connector on one end and an RJ45 on the other, or it is a flat black cable (not UTP) with an RJ45 on both ends with a separate 9-pin or 25-pin D-sub connector that has a socket for an RJ45 plug that goes with it.

You probably have some of them lingering around somewhere in the server-room or on a storage-shelf. (First place to look is the patch-cabinet: Many admins keep one handy in each patch-cabinet as a matter of principle.)

You can make one yourself as well from an old serial cable and an RJ45 crimp connector. Just follow the instructions here: http://www.cisco.com/en/US/products/hw/routers/ps214/products_tech_note09186a00801f5d85.shtml

Serial settings are 9600 baud, 8 bits of data, 1 stop, no parity. No flow-control.


Save yourself from any future trouble and erase the configuration; like @mcmeel said, this is sensitive information we are talking about. Keep the routers until you have access to a console cable and try again. The entire process shouldn't take long to complete on all five devices.

We all have limitations in our knowledge; if you don't feel confident enough, then please find someone with a Cisco background who can do it.