Cable Haunt is a recent vulnerability that has been found in over 200 million cable modems in Europe and likely many more in other countries as well. Many modern modems use similar Broadcom chipsets and used the same reference firmware which contained the vulnerability. Because of this, the impact of this vulnerability is much greater than it would have been otherwise. Software running in many (probably nearly all) consumer modems have not implemented best practices for security.
A few months ago, I switched to using my own cable modem instead of using the ISP provided modem/router, and I wanted to access the web interface for the cable modem status. Another reason was to change the default password if it had one since default passwords are not secure. The default web address for cable modems is typically http://192.168.100.1. Perhaps that is a common default IP address to avoid potential IP address conflicts with standard consumer grade routers which often default to 192.
It is not uncommon for many home networks to utilize an all-in-one network device provided by the users' Internet Service Provider (ISP). For ease of setup and use, ISPs typically include/lease this equipment by default when users order Internet service. These all-in-one devices are essentially a combination of a modem, router, switch, firewall, and wireless access point. They can also include VOIP (Voice Over IP), home security, and cable TV services.