Did TWC ever fix the default WPA2 key problem? -
»Service Provider Customer Security Policies - A Case Study
The default WPA2 key used to be the concatenation of the SSID and BSSID. And as we all know, both of those values are broadcast in the clear. And since the default SSID used to be the model number, you could easily identify a TWC Arris device (wiggle) and derive the WPA2 key.
Specifically, if the default SSID is TG862G92, and the BSSID is XX-XX-XX-AB-CD-XX, for example, then-
bssid: XX-XX-XX-AB-CD-XX -->TG862G ABCD 92 -->TG862GABCD92
where XX - don't cares
AB - byte4
CD - byte5