Comment by Aurornis

That's not an accurate interpretation. At best, they're saying that a device using an ESP32 radio could send arbitrary packets, change its MAC address, or read/write the memory and registers on the radio.

> “Buy this super cheap home automation product” turns into installing an APT in your network.

That doesn't make any sense. If you buy a device with a radio, it's reasonable to assume that a malicious firmware could send/receive arbitrary things. That doesn't mean they have control of your network.

EDIT: It's like if you plugged an ethernet IoT device into your network and then someone told you the Ethernet chip on the device was capable of sending arbitrary packets or changing its MAC address if the device chooses to do so.