Is following communication scheme secure?

To my mind, it uses RSA modulus and public key exponent as a cryptographic secret, which is strange usage of RSA, but can it be easily broken because of that?

Description of communication provided by the vendor:

1. Every 10 hours, Client generates a new pair of 1024-bit RSA keys on his machine every 10 hours and uploads public key to the Server. Client is authenticated using password and Server authenticates itself with SSL/TLS certificate.
2. If the Server wants the Client to provide the data, the Server generates AES key and sends it to the Client encrypting the message with Client's public key using OpenSSL library.
3. Client sends the data encrypted with AES to the Server.

Potential problem: is the Server authenticated against the Client in the 2nd part of communication?

Is following communication scheme secure?

To my mind, it uses RSA modulus and public key exponent as a cryptographic secret, which is strange usage of RSA, but can it be easily broken because of that?

Description of communication provided by the vendor:

1. Client generates a new pair of 1024-bit RSA keys on his machine every 10 hours and uploads public key to the Server. Client is authenticated using password and Server authenticates itself with SSL/TLS certificate.
2. If the Server wants the Client to provide the data, the Server generates AES key and sends it to the Client encrypting the message with Client's public key using OpenSSL library.
3. Client sends the data encrypted with AES to the Server.

Potential problem: is the Server authenticated against the Client in the 2nd part of communication?