Hang on - a quick Google of the hard-coded technician password shows that these credentials have been publically-known for at least THREE YEARS:
http://forums.speedguide.net/showthread.php?279842-MasterPassword-for-the-SB6580-Cable-modem&s=9deaffc0142c3f1a03a31a9d13851eba
I'm not exactly certain how this means that Rapid7 'discovered' the vulnerability in CVE-2015-0966 - but of more concern, frankly, is that this has been in the wild for as long as it has. Bloody brilliant.
Biting the hand that feeds IT
