From gbhackers.com
![Wi-Fi extender](https://i0.wp.com/1.bp.blogspot.com/-LO4oixubmC8/XQj9uajrtJI/AAAAAAAACDg/eNC-kSbI8D4OIoS6nQ873mfU612CwuL1QCLcBGAs/s1600/ugvql1560871808.png?w=696&ssl=1)
Researchers discovered a critical zero-day flaw in TP-Link Wi-Fi extender that allows a remote attacker to get complete control over the device and to execute commands in user privileges.
This vulnerability can be tracked as CVE-2019-7406, and it affects the following models: RE650, RE350, RE365, and RE500.
Like other routers, the extender also operates on the MIPS architecture; an attacker could exploit the vulnerability by sending malformed HTTP request without requiring login/authentication to the Wi-Fi extender.
The only concern here is the network setup for an attacker to establish a connection with the extender. If someone is already connected to the target network, they can easily access the device.