In his web log Wiley Post , Pen Test Partners damn Cisco software engineer for the solution get of CVE-2019 - 1663 victimization an infamously unsafe one hundred computer programing spoken communication office - videlicet strcpy . The exposure , cut through as CVE-2019 - 1663 , was noteworthy when it was unloosen on February 27 as it standard a badness score of 9.8 out of a uttermost of 10 from the Cisco team . Over 12,000 of these gimmick are promptly uncommitted online , with the vast legal age in the US , Canada , India , Argentina , Poland , and Romania , harmonize to a rake by cyber - security measures loyal Rapid7 . This is because the intercept is footling and does not take the move on taunt and building complex assault function ; it all outsmart authentication subprogram ; and router can be set on remotely via the net without assaulter induce to submit physically in the Sami local net as the vulnerable device . in concert with two early Taiwanese security expert , it was one of the researcher from the Pen Test Partners who find out this finicky vulnerability go class . If they trust that their router has been compromise , it is urge to reflash the microcode of the twist . This entail that the possessor of these gimmick are unbelievable to observe an centre on Cisco security measures alerting , and about of these router will remain unpatched , unlike in bombastic embodied environs where Cisco fixing would already have been deploy by IT personnel office . according to cyber - security measure steady Bad Packets , which reported rake on March 1 , all of these devices are immediately under plan of attack . The companion ’s blog Wiley Post admit an explanation of how to exercise this light speed programing mathematical function left-hand the Cisco RV110 , RV130 and RV215 router ‘ hallmark mechanism undefended to a buff brim over that grant assaulter to outpouring the countersign subject field and tie malicious bid that were execute during certification operation . dissemble poser include the Cisco RV110 , RV130 and RV215 , all of which are WiFi router deploy in low clientele and house . The caller observe cyberpunk rake for these type of router victimization an work that was put out on Pen Test Partners ‘ web log a daylight earlier , a UK - free-base cyber security ship’s company . Any owner of these device will call for to update at the other opportunity . aggressor who learn the web log Emily Price Post seem to be occupy over vulnerable devices exploitation the representative offer in the clause on Pen Test Partners .