Devices should have anti-rollback mechanisms that protect their firmware from being downgraded.
CWE-693: Protection Mechanism Failure: The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Algorithm Downgrade: A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.
OWASP-ASVS v4.0.1 Appendix C: Internet of Things Verification Requirements (C.22): Verify that the device cannot be downgraded to old versions (anti-rollback) of valid firmware.
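
One way to enforce the anti-rollback requirement above, shown as an added example that is not taken from the cited standards or from any vendor's code. The header layout, function names and the in-memory counter are assumptions; on a real device the counter would live in tamper-resistant monotonic storage.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical image header; in a real design this field is covered by the signature. */
struct fw_header {
    uint32_t security_version; /* raised whenever a release fixes a security flaw */
};

enum fw_result { FW_OK, FW_BAD_SIGNATURE, FW_ROLLBACK };

/* Stand-in for a hardware monotonic counter (OTP fuses, RPMB, TPM NV counter). */
static uint32_t min_version = 0;

static uint32_t counter_read(void) { return min_version; }

/* The counter can only move forward; a lower value is ignored. */
static void counter_advance(uint32_t v) { if (v > min_version) min_version = v; }

/* Gate run by the updater, and again by the bootloader before executing an image. */
enum fw_result fw_check(const struct fw_header *h, bool signature_valid)
{
    if (!signature_valid)
        return FW_BAD_SIGNATURE;
    /* Old releases are still validly signed, so the signature alone
     * cannot stop a downgrade: compare against the stored minimum. */
    if (h->security_version < counter_read())
        return FW_ROLLBACK;
    return FW_OK;
}

/* Called only after the new image has booted and passed its self-test,
 * so a failed update can still fall back to the previous image. */
void fw_confirm(const struct fw_header *h) { counter_advance(h->security_version); }

int main(void)
{
    struct fw_header v3 = { 3 }, v5 = { 5 };   /* constructed sample images */
    fw_confirm(&v3);                            /* device is running v3 */
    printf("install v5:   %d\n", fw_check(&v5, true));
    fw_confirm(&v5);                            /* v5 booted, minimum is now 5 */
    printf("reinstall v3: %d\n", fw_check(&v3, true));
    return 0;
}
```

To verify C.22 on a device, install a newer release, confirm it boots, then attempt to flash the previous validly signed release and check that it is refused.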