Ask HN: Too theoretical for hackers to flash your firmware excluding boot ROM?

Most computer components have firmware otherwise they wouldn't do anything. This means that firmware exists in more than just the boot rom. This topic excludes the boot rom because I know it's not too theoretical for a hacker to flash the boot rom. It's clearly explained step by step how to do external boot rom flash on many different websites such as Coreboot. But this topic is not about the boot rom, it's about the other firmwares on a laptop such as cam, mic, keyboard, bluetooth, embedded controller.

Is it too theoretical how a hacker would do that? As in would it require some very rare 0-day vulnerability which might not exist currently? Or are there known ways how a hacker would be able to flash malware into these components such as the embedded controller or cam?

The reason I ask is because I've heard from people in cyber security saying two arguments: yes it's possible, no it's too theoretical or "way too unlikely". So which is it? No one has actually tried explaining their answer or linking to any source. Answers are always vague.

I think it's important to have these answer because when it comes to firmware security, it makes a huge different if all you need to do is to flash the boot rom to ensure your firmware is uncompromised. That would make security 1000 times easier. But if it's not enough then you would maybe have to Unfortunately throw away the computer if you think there's compromised firmware because you won't be able to get rid of it.

Don't forget to explain your answer. Please give link to source and further reading about this.