Comment by iracigt

1 month ago

Agreed. This is pretty common and no worse than a firmware update. The potential catch is that in-band debugging may not require the same privileges on the host you'd expect from a firmware update. So conceivably your userspace (or worse, WebBLE, not sure) program could add some malicious payload that's persistent in the adapter. A tracking beacon that persists through a drive replacement is scary, but not an RCE.