The tools may have been mistakenly left behind by the NSA following an operation.
Hundreds of thousands of routers and firewalls are still at risk of exploitation by hacking tools linked to the NSA, which last month were leaked online.
A group calling itself the Shadow Brokers obtained a set of hacking tools from a group dubbed the Equation Group, which researchers say were used as part of surveillance operations carried out by the US intelligence agency. Researchers have shown that the leaked exploits appear to be genuine after the two network equipment makers confirmed the vulnerabilities.
The hacking tools could allow an attacker to extract VPN passwords from devices.
But patches for the vulnerabilities have yet to arrive -- more than a month after Cisco confirmed the flaws.
A recent scan of global network traffic showed that 848,753 Cisco devices were affected as of Monday. Most of the vulnerable hardware is in the US, with Russia, the UK, and Canada following behind.
Cisco said in an update on Wednesday that affected device owners should install intrusion detection systems.
There's still no word on exactly where the tools came from -- whether or not the NSA was hacked remains a mystery. The agency has so far declined to return requests for comment on the alleged breach.
According to Reuters, citing sources close to the US government's probe, investigators are examining a theory that an NSA worker left the tools online by mistake.