No vendor should be able to do this remotely at all. Irrespective of security vulnerabilities present or not.