As a technically competent GNU/Linux user, I'd be happy to buy the insecure smart switch and firewall out their server, as long as I can figure out a way of sending the packets myself from the command line. That way, if I ever do need to operate it from outside, I can SSH in and type the command on my own server (which would be on the same network). No need for any of our Chinese friends to get fired: just re-label the product to reflect the fact that the buyer needs to be competent enough to manage firewalls and set up their own servers. (I assume this would be easier for them than actually fixing it, because the factory probably bought in the software from a third-party developer and it's now a done deal. Shutting down their remote server might help a bit, but the devices will probably still listen to any packet purporting to come from that IP address, so it's still a good idea to firewall it out.)