Theoretically, a simple switch could be more complex than it appears, and therefore theoretically it could have security issues.

For example, my completely wild guess would be that there’s probably an arm or a mips CPU and some ram inside that doesn’t really do much… this is because smart switches would often use the same switch chip, for Ethernet, but with additional flash chip actually populated on the same PCB causing some software to run in the thing allowing you to configure the device and giving the forwarding logic additional behavior.

Practically its extremely highly unlikely, that someone could exploit a dumb switch to run arbitrary code, regardless of the brand label on it and country of origin.

Enjoy the new switch!

Yes, it is a potential renegade device on your network, similar to IoT devices or a computer of unknown origin. Modern SoCs are computationally capable, cheap, and would easily fit inside a commodity consumer switch.

I stick to well known name brands. And in any case, it remains critical to robustly secure all your devices even if they are on your “secure” LAN.

Theoretically, there could be hardware/software running on the device that learns the source/destination IP addresses of frames passing through it and then assigns itself a suitable static IP so you wouldn’t see it in your router’s DHCP table and then phones home that way…

Theoretically. You could try to just plug a single computer into it and run wireshark and see if you see anything. Theoretically its possible for it to not broadcast or send its own traffic until a gateway IP is identified and learned but this would be highly theoretical stuff.

I think all in all the effort to create a compromised stealth switch like this would GREATLY outweigh the effort required to create a working switch with a trusted brand name in a crowded market segment. But hey anything’s possible when you wear tinfoil on your head.