People can speculate all day but unless you are doing hardware level diagnostics there is no way to put your mind at ease. For charging devices one can either buy "USB condoms" or just make on by cutting every wire except those used for power. It also would not hurt to check if your BIOS has options related to disabling updates to the BIOS via USB/UEFI, just don't forget you did that if the option exists.

For your case of USB to Ethernet data is required so the only other way beyond hardware diagnostics and dumping firmware is to do extensive background checks on everyone working for your ISP, FTE's, contractors, executives and all the board members. Doing that without their knowledge is very expensive not to mention does not cover all the people in the shipping logistics path. Consumer hardware rarely has a full chain of custody with attestation.

There may be some fringe cases where a USB hub may help mitigate some threats such as over-voltage. Realistically at some point one has to either trust the device or avoid technology all together. There are communities of people that avoid technology so for what it's worth you would not be alone if pursuing that route.

If the concerns are related to organizations or governments snooping Microsoft Windows Recall, MacOS mediaanalysisd have negated the need for hardware snooping like the good ol' days of KeyGhost. One tiny update could in theory upload AI summaries. Incremental updates tend to stay out of the news.