Arris modems have three hardcoded backdoors.
NGV589 and NVG599
Below are the backdoors:
#1: SSH that use the default “remotessh/5SaP9I26” username and password.
#2: Build in Web Server is vulnerable to a command injection flaw.
#3: A well-crafted HTTP request sent via port 49152 will allow attackers to bypass the modem’s internal firewall and open a TCP proxy connection to the device.