Very interesting deep dive pointing to a very flawed firmware.

Unsurprisingly ends up with an advertisement for their own security tool. That said the vector used for the attack is interesting, with more npm like ecosystems available nowadays, should we expect to see more such attacks?