I would recommend openwrt. I’ve used it a bunch. You could get in via ssh and delete or otherwise disable the wipe code, but we don’t know the extent of the control the bad guys have is. It’s possible they could just turn it back on. It’s an outbound request so it’s not reliable to block a specific port. You can block it from everything in and out, but I still wouldn’t trust it.
Openwrt is a little harder to mess with as it’s not really for nas devices. My current nas is just Debian 10 on a regular pc and its working great for years and is fully patched.