Thursday, December 29, 2011

Ubee Interactive Owners


All users of these cable modems should immediately change their passwords.
If you are connected to the LAN interface (wired or wireless), connect to the default LAN address. The default username is "user" and the default password is "user"; "admin" and "cableroot" are also defaults. By default these cable modem/gateways are shipped with two ports open to the Internet: TCP/64623 and TCP/64680. The former offers remote users access to a telnet console and the latter exposes the web GUI.
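If you log traffic upstream of one of these modems, the two management ports give a simple detection rule. The following is an added example, not part of the original post: it assumes Linux netfilter LOG-style lines (the sample lines are constructed and abbreviated) and treats RFC 1918 sources as LAN-side.

```python
import ipaddress
import re
from collections import defaultdict

# Management ports named in the post and the service each one exposes.
MGMT_PORTS = {64623: "telnet console", 64680: "web GUI"}
# Assumption: LAN clients use RFC 1918 space; anything else is treated as external.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

# Constructed, abbreviated sample in netfilter LOG style (documentation and
# private address ranges only; this is not captured traffic).
SAMPLE_LOG = """\
Dec 29 10:01:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=51512 DPT=64623 SYN
Dec 29 10:01:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=51513 DPT=64680 SYN
Dec 29 10:02:10 gw kernel: IN=eth1 OUT= SRC=192.168.0.15 DST=192.168.0.1 PROTO=TCP SPT=40000 DPT=64680 SYN
Dec 29 10:03:44 gw kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.20 PROTO=TCP SPT=33100 DPT=443 SYN
Dec 29 10:04:00 gw kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.20 PROTO=UDP SPT=33100 DPT=64623
Dec 29 10:05:19 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=51600 DPT=64623 SYN
"""

def find_external_mgmt_attempts(log_text):
    """Return {source_ip: {service: count}} for TCP SYNs from non-LAN
    sources aimed at the modem's two management ports."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or " SYN" not in line or "SRC" not in f:
            continue
        try:
            port = int(f.get("DPT", "0"))
            src = ipaddress.ip_address(f["SRC"])
        except ValueError:
            continue  # malformed line, skip rather than crash
        if port not in MGMT_PORTS:
            continue
        if any(src in net for net in LAN_NETS):
            continue  # LAN-side administration is expected
        hits[str(src)][MGMT_PORTS[port]] += 1
    return {ip: dict(svc) for ip, svc in hits.items()}

if __name__ == "__main__":
    for ip, services in find_external_mgmt_attempts(SAMPLE_LOG).items():
        print(ip, services)
```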

The oldest post I've found revealing this issue so far is here:
http://cyberfeen.wordpress.com/category/system-administration/

An additional post concerning an older version of this device and confined to a different ISP is here:
http://seclists.org/fulldisclosure/2010/Aug/120
This gentleman deserves real credit for his patience in dealing with security at the ISP and for realizing the scope of this problem. I suspect that particular provider merely filters traffic on these ports now, rather than actually fixing the underlying issue or shipping different modems to its customers. Upon cursory examination, the users in the address space listed in this post do seem to be unreachable on these ports.

This vulnerability is exacerbated by the fact that these newer devices are combination wireless router/cable modems - meaning that many users do not even have the protection offered by a basic consumer firewall, and those that do are still vulnerable to man-in-the-middle exploits which redirect and sniff their outbound traffic.

I can't claim any credit; however, the scope of the number of homes and small offices affected by this demands further attention. I have attempted to contact some of the ISPs whose clients are rendered vulnerable by this equipment and will continue to do so; however, I will shortly publish a list of IP addresses and a script to exploit vulnerable systems if no action is taken.