Yondoo provided router, has "password" as admin pw, won't let us change it

[TACACS Macaque via NANOG <nanog () nanog org>]

Hi,

Long time lurker, first time poster. Sorry in advance if this is the wrong forum for something like this.

My mom's ISP (Yondoo) seems to be providing DOCSIS 3.1 CPE (Customer Premises Equipment) with a built-in router, 
without providing the ability to change the admin password from "password" on it.


​

Their customer service rep said that this is not only WAI, but also wanted to charge her $50 to have a tech come out 
and change it. Which is obviously less than ideal.

That aside, this seems like a pretty egregious security standard which, from my understanding, can have fairly dire 
security implications... e.g., DNS server settings can be pointed at whatever someone wants here.

My mom is elderly and had already fallen victim to a call center scammer a couple years ago. They briefly took control 
over her laptop before she called for backup. So I'm just a little concerned that we have no control over changing this 
router's admin password — from “password” — in a pinch, without waiting for a truck roll && shelling out $50.

I've sent her a DOCSIS 3.1 modem that doesn't have a router built-in, in hopes that they'll let us bring our own. She 
does have Google Wifi, but we can't even put their router into bridge mode. So she would be double NATed and have no 
control over changing the admin password on the first router.

Anyone have any experience with Yondoo? I've tried reaching out to them on multiple fronts, but have yet to hear back 
from them on this. A tech is scheduled to come out tomorrow, so the plan is to beg (bribe?) them to let us use our own 
modem and then take it from there.

Thanks,
Todd