If it allows anyone to remotely execute arbitrary code on a device without the user's consent, it's called an RCE vulnerability. About as serous as software vulnerabilities go, needs to be patched yesterday.
But if it only allows the manufacturer to remotely execute arbitrary code on a device without the user's consent, it's called an automatic software update mechanism and most people somehow consider that it's totally fine.
But if it only allows the manufacturer to remotely execute arbitrary code on a device without the user's consent, it's called an automatic software update mechanism and most people somehow consider that it's totally fine.