Re: Security device has security bug.
On my CenturyLink modem/router, the TR-069 administration port (4567) was world-accessible. I found this out by doing a port-scan from a free website (so fully external, not LAN/WAN or inside CenturyLink's network). No one at CenturyLink I managed to talk to had ever heard of this (thank you Tier -1 tech support), but I found several websites documenting it. As it was bonded DSL, there were only a couple models in existence that could cope with that type of connection, so buying my own was pretty much out of the question.
One of these days someone will figure out how to get into these, and suddenly there will be a massive botnet made of them. I'm now on T-Mobile with a non-publicly-addressable modem.