I have a similar set-up
I use a wireless access point that can expose multiple ssid with different vlans (I think it a fairly common feature)
my router runs openwrt and the iot vlan is in a different firewall zone
use wireguard to remotely access the lan zone
It may also be a corrupted firmware update.