Yes. I suspect that when they say the printers are only vulnerable via third-party cartridges, they mean that obviously no genuine HP cartridge would contain malicious software, therefore any malicious cartridge is by definition third party, therefore the printers are only vulnerable via third-party cartridges.
That sounds an awful lot like even their first party cartridges could be attack vectors.
Yes. I suspect that when they say the printers are only vulnerable via third-party cartridges, they mean that obviously no genuine HP cartridge would contain malicious software, therefore any malicious cartridge is by definition third party, therefore the printers are only vulnerable via third-party cartridges.