Re: "modems were commanded by their compromised support servers to run destructive malware"
"until Granny remembers it's patch thursday"
or preferably, the vendor's devs were to make fewer crass coding errors in the first place. It's not as if modem firmware is generally a humungous piece of code. Many reported 'vulnerabilities' have been such - e.g. hard coded credentials - as should never have been perpetrated.
As I've said before, the common assumption that it's acceptable to release broken software must change.