And if it was a buffer overflow that lead to an arbitrary RCE instead of a firmware-overwrite, and the fix was to upgrade the code to fix the buffer overflow?

What buffer overflow? Obviously the firmware is formally proven correct and proven not to include any of those?

(I'm half joking here - I suspect that's not the case and won't be the case for a foreseeable future, but I'd be happy to learn I'm wrong here)