No. But before they even think of selling such a product, they must have a plan for customer disclosure and field updates in place, as otherwise offering such product becomes a big liability once the first vulnerability disclosure gets into the open. Here at least they were informed about it in advance, someone else could have simply leaked the disclosure anonymously.
The company in question have set themselves up for failure, and I'm not very sympathetic to their plight. If you distribute shit with firmware in it, you have two options:
1. Don't worry about upgrades, but apply a software development process that would be applicable to a "launch and forget" space mission. Thus you invest up front into ensuring that the damn thing will perform to specifications before you launch it. It's expensive, but you can truly deploy the product and at least have a lot of tangible evidence that you applied state-of-the-art engineering to ensuring that the customers should be secure. You did your due diligence.
2. Use a loose development process, and ensure that there is a (perhaps tiered) system of customer notification, field upgrades, and service contracts.
This is a no brainer really, if you've got half a brain, that is.