Right. The common one is an initially malicious device given to an unsuspecting user. This is a stock device that a user already has and trusts. It’s a huge vulnerability that an unauthenticated user can completely take it over. This is a 9.3 CVE, without even considering pivoting to the PC.