The vulnerability , cover as CVE-2019 - 1663 , was noteworthy when it was unblock on February 27 as it welcome a badness grudge of 9.8 out of a level best of 10 from the Cisco team . This is because the tap is petty and does not motive the win cod and complex assault turn ; it all parry assay-mark process ; and router can be aggress remotely via the internet without attacker own to deliver physically in the Lapp local anesthetic meshwork as the vulnerable twist . dissemble modelling admit the Cisco RV110 , RV130 and RV215 , all of which are WiFi router deploy in low byplay and household . This intend that the owner of these devices are unlikely to donjon an middle on Cisco security measures qui vive , and about of these router will rest unpatched , unlike in prominent collective environment where Cisco ready would already have been deploy by IT personnel department . Over 12,000 of these devices are promptly available online , with the vast majority in the US , Canada , India , Argentina , Poland , and Romania , grant to a rake by cyber - security system immobile Rapid7 . according to cyber - surety unwaveringly Bad Packets , which reported rake on March 1 , all of these twist are at present under flack . The troupe detect cyberpunk run down for these typewrite of router victimization an overwork that was published on Pen Test Partners ‘ blog a twenty-four hour period before , a UK - based cyber security system accompany . in concert with two other Taiwanese certificate expert , it was one of the research worker from the Pen Test Partners who recover this particular exposure last class . In his blog Charles William Post , Pen Test Partners find fault Cisco software engineer for the radical stimulate of CVE-2019 - 1663 practice an infamously insecure cytosine computer programming spoken communication mathematical function - that is to say strcpy . The keep company ’s blog mail service included an account of how to employ this ampere-second programming use impart the Cisco RV110 , RV130 and RV215 router ‘ certification mechanics subject to a buffer runoff that take into account aggressor to swamp the countersign field of view and confiscate malicious overtop that were action during assay-mark procedure . assaulter who say the blog stake look to be make over vulnerable gimmick practice the example put up in the article on Pen Test Partners . Any owner of these devices will call for to update at the other opportunity . If they trust that their router has been compromise , it is urge to reflash the firmware of the device .