Separate networks
"An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system,"
And that is why you never ever(*) have any management interfaces accessible on the production network. You create a management network for this purpose that is not accessible from the production network. You still need to patch all the software holes, but it makes network subversion and penetration more difficult.
(*)and that means never ever while the universe exists.