In Slovakia there is this VDSL router offered by one of the main providers. Each such router has a different default admin password and I assume it is derived from the MAC address or the serial number of the router. By default all ports (53, 80 and 443) are open to the wide world outside, i.e. a network operator who can access the device can log into it from outside if needed. They make public claims about auto-firmware updates which can be initiated also from the device itself but I did not investigate into this.
The router is dropping 6to4 and 6in4 packets so the IPv4 tunnels are possible only using other means.
After setting admin password to something else one should also forward ports (either all of them or just the exposed ones) to a local IP address that does not even need to be running for the purpose of securing the router (i.e. it can lead to nowhere and the packets will timeout).