IBM X-Force researchers found flaws in Tenda PA6 Wi-Fi Powerline extender, version 1.0.1.21, which extends the wireless network throughout the house. Two of the bugs are a command-injection issue (CVE-2019-16213) and a critical buffer overflow (CES-19505) The bugs are post-authentication so a user would need to be signed in to exploit the bugs. The web server itself is password-protected with the default (and very guessable) password admin
Source: https://threatpost.com/unpatched-wi-fi-extender-remote-control/156990/