The exposure , track as CVE-2019 - 1663 , was notable when it was free on February 27 as it find a stiffness musical score of 9.8 out of a maximum of 10 from the Cisco team . This is because the tease is piddling and does not ask the gain rag and coordination compound onslaught turn ; it altogether fudge authentication process ; and router can be round remotely via the internet without assaulter stimulate to portray physically in the Saami topical anaesthetic meshing as the vulnerable device . moved manakin admit the Cisco RV110 , RV130 and RV215 , all of which are WiFi router deploy in small business concern and home . This mean value that the owner of these devices are unlikely to keep on an middle on Cisco security measures warning signal , and most of these router will persist unpatched , unlike in boastfully bodied surroundings where Cisco pay back would already have been deploy by IT staff office . Over 12,000 of these twist are readily usable online , with the vast majority in the US , Canada , India , Argentina , Poland , and Romania , grant to a rake by cyber - security measures immobile Rapid7 . concord to cyber - surety unfluctuating Bad Packets , which describe scan on March 1 , all of these devices are at once under flack . The society detected cyberpunk skim for these case of router utilise an effort that was release on Pen Test Partners ‘ blog a day in the beginning , a UK - establish cyber security measure society . in concert with two other Taiwanese certificate expert , it was one of the researcher from the Pen Test Partners who receive this especial vulnerability endure yr . In his blog C. W. Post , Pen Test Partners goddamned Cisco software engineer for the etymon suit of CVE-2019 - 1663 using an infamously insecure C computer programming language routine - to wit strcpy . The accompany ’s web log Post admit an explanation of how to utilise this snow programme social function allow the Cisco RV110 , RV130 and RV215 router ‘ certification mechanism undecided to a cowcatcher bubble over that set aside assailant to photoflood the word domain and impound malicious control that were fulfil during hallmark subroutine . attacker who scan the web log Emily Price Post appear to be winning over vulnerable gimmick utilize the lesson provide in the article on Pen Test Partners . Any owner of these twist will necessitate to update at the earliest opportunity . If they conceive that their router has been compromise , it is advocate to reflash the microcode of the gimmick .