oh, psh, I'm not sure how they handle the LAN adapter, but cause you have to have it set up in settings, it pipes thru IOSU somehow, you can't access USB storage specifically, they have seperate interfaces for all the other kinds.
Human Interface Devices (eg the Gamecube adapter and a keyboard and mouse if you were that crazy about True Internet Experience™)
Communications Device Class that DRH uses to communicate with the Gamepad
UAC (USB Audio Class if you plugged in a microphone and wanted to use it, I actually remember doing that when MN1 and I were testing stuff lmao)
USB-MIDI which I'm not sure of a use case
USB storage is UHS which is what IOS-MCP keeps locked down
http://wiiubrew.org/wiki/IOSU#IOS-USB
Not sure if this would work, but how about using USB-HID as an entrypoint?
I remember seeing a USB stick with an unlocked driver partition, in which one could insert files or code that made the device look like another, normally used to skip newer AutoRun Windows's security measures.
If code was injected in these to create a denial of service attack, invoking a kernel panic and before crashing redirecting the ELF loader to a code interpreter that would translate the payload as a HID input that would load a chain of privilege escalation by overloading the system, then replacing certain data in RAM as to load a limited version of CFW with debug capabilities, as such allowing deeper access into the system? Or is this not possible for some reason?