The article links to how such vulnerabilities were discovered in the Planet Technology WGS-804HPT industrial Ethernet switches, which were being used by the publisher.
The key takeaways for any self-hosters or home automation hobbyists, though, are:
- Do not expose any web interfaces to the Internet that are not absolutely necessary.
- Do not publish what equipment you are using and how fancy your network looks, as these all give anyone clues about how everything fits together.
- Where possible, segment all your IoT devices, doorbells, etc. onto a separate LAN, even if it is only a separate guest network.
All my home automation web logins, e.g. to Home Assistant, Sonoff switches (which have been reflashed), CCTV, Portainer, etc., are behind a VPN login from outside. If I need to access any of them, I will have to log into the VPN first, and then access their dashboard screens.
It is not even about the brand of switch that is being used, as Cisco themselves have suffered zero-day exploits too. These specific vulnerabilities with the Planet Technology switches should have been patched if users have installed the updates.
See https://www.theregister.com/2025/01/20/harry_potter_publisher_breach