You can remotely exploit bugs in network card firmware, and use that exploit to DMA read/write the host machine's memory AND overwrite the network card firmware permanently in EEPROM with firmware that you control.

The article also explains some potential defenses against this sort of exploit but notes that none of them are currently viable.