...
How about this one? If you know it or someone is author of the post, please leave link here. Thank you all.
weaknesses of most router that usually have common password like '12345'. I just read it yesterday, but don't remember where it is. (I still search to find it)
All half-way new router have a 'random' (not really random, more like derived from the MAC address) password.
But this doesn't matter anyway because router are (or better: should, if not misconfigured) not accessible from the internet.
There was a vulnerability (i think about 1-2 years ago) where some router were accessible from the internet due to a bug in a support protocol which should have been only accessible from the ISP network. This made them accessible from the internet.
The weak password can only be abused when in the same (local) network.. By the way.. passwords can be changed..
I think you are talking about a modem from a PLDT the password comes from the end of modem mac address it isn't the same as a router that mostly password are 12345678 or 1234567890.
Honestly, it's not vulnerability you can still access every ISP/modem if the IP still can be scan through the internet that is why every modem has feature like "TCP/UDP PortScan" disabled or Anti-DDOS attack so that no one will find your IP because if they can access it they can enable the SSH of the modem and send a script where they can retrieve the admin password of the ISP to fully control the modem.
I have a WiMAX experienced before where we can scan all modem except for dead ports and protected ISP and then if the user pass works we can enable the SSH through the web before we can send a script to retrieve the admin password.
That is why always enable DOS feature from the modem to prevent other user accessing your modem or change your public IP daily because if they can access your modem anytime they can remote your PC without knowing.