
How are the users going to manage the router without it? They just need to do it securely and better ways to auto update.



By inverting the direction of control, such that the network device initiates connections to canonical addresses to receive their initial configurations.


By canonical addresses, are you referring to DNS that can be spoofed or IP addresses that can be rerouted?


A nice idea in theory, I'd love to manage network devices using some open standard. However, I can already see what would happen if this were to become reality:

"You wish to configure your router? For your safety, you can only configure our VaporWare™ SecuRouter with our dedicated Windows 11 or phone app. Do note that any ad or tracking blockers might interfere with our super privacy preserving app (trust us, really!).

Only Android, iOS, and Windows 11 are supported. App does not work without Internet connectivity. Android devices require Google Play services. Jailbreak and root access will trigger our SecuRouter Secure Data Protection mechanism and disable access from your IP address. Privacy agreements and terms and conditions apply. Product may not be sold in areas covered by the GDPR."

In fact, I've had to deal with routers that required me to log in through the ISP website rather than locally because of "security".


You can make up whatever fallacious slippery slope arguments you care to invent, but such routers already exist and they are the best, most secure routers you can buy.


Those routers you can get now are only for dumb residential nonces, and routers for anything heavier duty than that all have at least a console connection available, even if they have a cloud management component.


May I ask what are those routers?


He's probably talking about Nest, Eero, AirPort (RIP), etc.


Yeah... https://support.google.com/googlenest/answer/11257354?hl=en

I understand that it's already insecure but seriously?


Name another 7-year-old home wifi access point that still gets manufacturer software updates. The contemporaneous Asus RT-N66U stopped getting new releases years ago and in all likelihood contains a bunch of vestigial vulnerabilities. OnHub got scores of software updates over its life and the only time they had a CVE it was patched and pushed to all hardware globally in less than 24 hours. I don't see how this model of control is not clearly superior.


A Cisco 8200 would probably be what he wants.


A serial port? Or perhaps these days, a USB one.


Bluetooth and a smartphone. I am being facetious. Please for the love of God do not start doing this!



