Researchers find an undocumented "backdoor" in Chinese-made ESP32 microchip
bleepingcomputer.com

An alternative view:
Short version seems to be that no, your esp32-based devices aren’t remotely exploitable via radio, as some understood the original article to claim. The issue is that there are some undocumented commands that the “host” (code running on the esp chip) can send to the Bluetooth controller.