Hackaday

A security audit of a $5 Temu WiFi extender reveals serious vulnerabilities, including a complete lack of input sanitization that allows remote code execution. Using `$(reboot)` as a WiFi password causes an infinite reboot loop, exposing the device's shell injection flaw. Firmware dumped via the Breed web recovery console was reverse-engineered in Ghidra, confirming full remote access is possible. The device runs on a Qualcomm Atheros QCA953X SoC (OpenWRT-compatible), and over 100,000 units have reportedly been sold. The manufacturer could not be contacted to report the issues, leaving many vulnerable devices on home networks.

Exploring Security Vulnerabilities In A Cheapo WiFi Extender