Heh, I guess I'll share the one backdoor that was left in some the NVG510 (AT&T UVerse modem that you have no choice but to use) modem firmware. Now, you did have to solder on the board to get a serial console, but once you got that, you could quite easily get to a root shell. (by default, it was this "user" shell that was exposed in some non-US configurations on the network by telnet)
All you had to do was type "magic", and then once magic mode was enabled, type "!" and you got dropped at the root shell.
A shame they patched the firmware to remove magic mode and really locked things down after I published an app to root the modem via the web interface to fix various bugs in the firmware.. App eventually got pulled for ToS violation from the Play store, and just so happens a few weeks later AT&T pushed a firmware update that fixed all the exploits I knew of
All you had to do was type "magic", and then once magic mode was enabled, type "!" and you got dropped at the root shell.
A shame they patched the firmware to remove magic mode and really locked things down after I published an app to root the modem via the web interface to fix various bugs in the firmware.. App eventually got pulled for ToS violation from the Play store, and just so happens a few weeks later AT&T pushed a firmware update that fixed all the exploits I knew of