Hacker News

xoa, yesterday at 6:50 PM

...where are, at a trivial minimum, the VLANs!?!? Or even outright separate physical architecture, but at the very least even the absolute cheapest prosumer Omada/UniFi/Mikrotik/whatever switches and WAPs made for the last decade+ will give you some simple segmentation for free. I don't understand, apparently they had cameras and other devices in a single flat network space that any rando BYD could cruise around in? Like, sure, absolutely change default passwords, better provisioning, consider what info DNS or other side channels (like certificate transparency if you use a public CA and don't use a wildcard) might reveal, use internal VPNs even for trusted devices to access certain stuff, etc etc. But it still feels like simply isolating security/surveillance and other restricted use devices should sorta be the 101 first layer of the onion and if that wasn't done yeesh.

If this was written 20-25 years ago sure, but in 2026? Wild.