Adrian Pastor gave a nice presentation at the OWASP London Chapter on the typical flaws found when testing embedded devices like routers. Adrian focuses on the web interface that is available on most routers today. He shows how CSRF and XSS are attacks that many routers are vulnerable to. The presentation (2.4 MB) is available for download at the OWASP site. Though we can't see the demos (this is a pdf file, and not a video), the slides are sufficiently descriptive to get his drift. Thanks Adrian!