User identification
Yaroslav, 2020-12-28 12:23:47

Why doesn't two-factor authentication compromise security?

Consider the simplest example of 2FA: first, the user enters a password, then enters the code from an SMS. It seems that everything is fine: in order to pass authentication this way, the cracker now needs to get hold of two factors, which is more difficult.

But after all, it is easier for a user to lose one of the two factors than to lose one of one. This means that there must be a recovery scheme for each factor. That is, knowing the password, but having lost the phone number, it should be possible to restore the number. And having a phone number, it should be possible to recover the password.

But what is the benefit then? After all, if a hacker steals the phone (only one factor), he can access the account by setting his own password.

Is this not a strengthening, but a weakening of protection? After all, now, in order to steal an account, it is enough for the user to lose any one of the two factors. The cracker can attack the weaker link of the two.


10 answer(s)
Saboteur, 2020-12-28
@saboteur_kiev

That is, knowing the password, but having lost the phone number, it should be possible to recover the number. And having a phone number, it should be possible to recover the password.
But what is the benefit then?

The fact that you gave an example of INCORRECT two-factor authentication settings.
Restoration of access should go through the security service, perhaps even requiring personal presence.
And the way two-factor authorization is done in mobile services in general is just for show and a little extra complication.

xmoonlight, 2020-12-28
@xmoonlight

Any number of factors on one device sooner or later turns into one.
Use 2FA the right way!

SagePtr, 2020-12-28
@SagePtr

Firstly, stealing a phone is an order of magnitude more difficult than stealing a username and password, since for this you need to be physically close to the owner.
Secondly, the loss of the phone will be detected almost immediately, while a stolen login and password can be used for many years without arousing suspicion.
Thirdly, the phone can be password protected, in which case the attacker will need to bypass this password first, which takes additional time, during which the owner can notice the loss and take action.
Fourth, it is not necessary to use the same phone. Nothing stops you from installing a code-generating application on a separate phone, into which you don't even insert a SIM card or connect to the network, and which you don't carry with you. Then theft would require at least breaking into your home.
And some services allow you to use a USB key fob like a YubiKey with a fingerprint sensor, in which case the attacker has to physically force the owner to put a finger on it.
As for recovery, many services allow you to generate backup codes for 2FA that can be printed or copied onto paper and put in a closet. Or a fireproof safe.

0x131315, 2020-12-28
@0x131315

By activating 2FA, you get a one-time token for your device and a dozen one-time reserve tokens for logging in.
If the device is lost, you log in with one of the reserve tokens, cancel the device token, and issue a new one.
Loss of the device plus loss or exhaustion of the reserve tokens means loss of the account.

antonwx, 2020-12-28
@antonwx

As a rule, to reset a phone number you at least need to talk to technical support and convince them that you are you, and not some Uncle Vasya script kiddie. As for the phone, things are simpler: as a rule, users keep them under some kind of password, and it's not so easy to plant viruses on a phone.

Vladimir, 2020-12-28
@AstraVlad

In fact, a phone number, as a rule, cannot be "restored" or changed without a personal visit to the bank (or wherever else). The password can usually be reset if you have the phone, but the developers proceed from the assumption that a normal person's phone is protected at a minimum with a PIN code and at a maximum with biometrics, so even by physically stealing the device an attacker will not gain access to the data.
Yes, you can slip something to a manager at the shop and quietly get the SIM card reissued, but here the problem is the human factor, not a vulnerability in the protection system.

Vladimir Korotenko, 2020-12-28
@firedragon

There is also a three-factor system.
In the bank, the binding is to the SIM card (not the number but the IMSI).
Hello, Russian Standard.

Vasily Bannikov, 2020-12-28
@vabka

That is, knowing the password, but having lost the phone number, it should be possible to restore the number. And having a phone number, it should be possible to recover the password.

Such cases are usually processed manually, because the account owner must somehow prove to the support service that they are who they claim to be.
Although, as far as I know, some services violate this rule.

Dimonchik, 2020-12-28
@dimonchik2013

Here is an error in the reasoning:

This means that there must be a recovery scheme for each factor.

There is no such thing as 2FA recovery, only replacement.

Alexey Dmitriev, 2020-12-29
@SignFinder

Do not use SMS for 2FA; use a one-time code from any authenticator application (Google, Microsoft), which must be protected with a separate password (not the phone's fingerprint, etc.).
