Bernardo Rodrigues has found a "double security threat" in Arris cable modems. The vulnerability was published in October 2013 and it still works (archived). This threat affects at least 600,000 modems and has likely been exploited. Affected models include the TG862A, TG860A and DG860A.
This security hole allows an attacker to control and rewrite the modem's firmware by using a password derived from the HFC MAC address, a problem commonly sold as a feature allowing easy wireless network setup. In a blog post, Rodrigues explains in detail, with a video, how he made the discovery (archived).