Here is the original vulnerability report: https://www.redteam-pentesting.de/en/...

JdeBP · on March 28, 2019

... which has

    -A kurl

in the proof of concept.

I also note the timeline

* 2019-01-22 Firmware 1.4.2.20 released by vendor

...

* 2019-02-07 Incomplete mitigation of vulnerability identified

...

* 2019-03-25 Vendor requests postponed disclosure

So this is apparently a bad fix that Cisco has known about since February, and asked for an extension in order to fix again.