The most obvious rogue client device exploit is to pretend to be a mouse and/or keyboard, which on most devices will allow you to execute arbitrary code trivially, though not completely stealthily. "USB rubber ducky" is one such device available to consumers now. As for exploiting drivers: while the software might be 'trusted', I highly doubt that it is all actually secure. Emulating a USB device with a low-quality driver and then exploiting that driver by violating its assumptions about the hardware its expected to be talking to is a rich field of potential exploits (even on linux, there's vast swaths of low-quality driver code which has nowhere near the hardening of the network stack).