http://bojinov.org/professional/ccs2009-xcs-paper.pdf

Attacks on consumer devices with web interfaces, e.g., NAS, by exploiting not-necessarily http protocol, e.g., FTP. As an example, an attacker loads crafted contents via FTP to victims’s web based control panel. When the admin visits the admin web app, it’s owned by the attacker.