Part 4/6:

While the vulnerability is not a zero-click remote code execution exploit, it still poses a serious threat. An attacker can manipulate the printer information to make it appear as a legitimate printer, and if the victim interacts with the malicious printer, the attacker can execute their payload.

It's worth noting that the initial 9.9 CVSS rating was likely a result of miscommunication between Simone and the organization he reported the vulnerability to. While the bugs are still significant and deserve attention, the actual impact may not be as severe as the initial rating suggested.