Security researchers have found five holes in the firmware running on Arris modems, three of which are hardcoded backdoor accounts. The flaws are found in both the standard Arris firmware, but also in the extra code added on top by OEMs. Experts looked at an Arris modem installed on the network of AT&T. There are at least 220,000 of these vulnerable modems connected online, according to researchers. The five flaws are not zero-days as researchers have not found any evidence they were exploited in attacks prior to releasing their research.
Source: https://www.bleepingcomputer.com/news/security/three-hardcoded-backdoor-accounts-discovered-in-arris-modems/