Seems Comcast has a hidden admin user account on their business class modems other than the usual user:cusadmin-pw:highspeed. You can log in locally using the username mso and password: D0nt4g3tme . Furthermore you can also use Cross Site Request Forgery in iframes to set the modem to open up its remote admin ports to all IP’s not just the ones Comcast has preconfigured. If you wanna test this out you can visit this URL http://illmob.org/comcast BEWARE, if you are on vulnerable Comcast modem it will open remote access to your modem on http port 80, https port 8181 and telnet 2323.
Props to the guys @ Trustwave for the iframe POC.