The flaws allowed an attacker within wireless proximity to install a backdoor account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests.