Personal Fav. #1:
CSRF + auth bypass
- Ideal when web interface is NOT enabled on WAN
- Any admin setting can be changed
- Payload is launched when admin is tricked into visiting a 3rd-party evil page
- Evil page makes browser send forged request to vulnerable device
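The device-side check that stops the forged request described above, as an added example (not from the original slides or any vendor's firmware). The function names, the session layout, the `csrf_token` field and the addresses are all hypothetical and constructed for illustration; it assumes settings can only be changed through POST/PUT/PATCH/DELETE.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: settings endpoints only change state through these methods.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def new_session(authenticated):
    """Constructed session record: login state plus a per-session anti-CSRF token."""
    return {"authenticated": authenticated, "csrf_token": secrets.token_urlsafe(32)}

def source_host(headers):
    """Host the browser reports the request came from (Origin, else Referer)."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return None
    # "Origin: null" and other non-URL values have no netloc and yield None.
    return urlsplit(source).netloc.lower() or None

def check_admin_request(method, headers, session, form):
    """Return (allowed, reason) for a request to an admin settings endpoint."""
    # 1. No auth bypass: every admin request needs an authenticated session.
    if session is None or not session.get("authenticated"):
        return False, "not authenticated"
    if method.upper() not in STATE_CHANGING:
        return True, "read-only request"
    # 2. A request forged by a third-party page carries that page's origin,
    #    not the device's own host.
    origin = source_host(headers)
    if origin is None or origin != headers.get("Host", "").lower():
        return False, "cross-site origin"
    # 3. The per-session token is unknown to the third-party page.
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return False, "bad csrf token"
    return True, "ok"

def demo():
    """Run constructed sample requests against a LAN-only admin interface."""
    session = new_session(authenticated=True)
    own = {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"}
    forged = {"Host": "192.168.1.1", "Origin": "http://evil.example"}
    return {
        "admin form": check_admin_request("POST", own, session, {"csrf_token": session["csrf_token"]}),
        "forged by third-party page": check_admin_request("POST", forged, session, {"dns": "203.0.113.5"}),
        "no session": check_admin_request("POST", own, None, {}),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```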