ZDNet reports on May 22, 2018 a security flaw uncovered by two security researchers, Karan Saini and Ryan Stevenson.
Using only Comcast account number and the house number, Comcast router/modem activation screen will display the router’s WIFI password in plain text, even though the web form asks for full address.
If a bad actor has a Comcast account number, s/he can simply guesses the house number or apartment number.
This bug also returns the new WIFI password even if the modem/router has already been turned on.
Comcast reportedly corrected this error shortly after ZDNet’s report. Stay tuned.