TheMaartian
I'm still wondering if the cable modem on the front end of the C7000 limits/eliminates its vulnerability.
That probably depends on how your ISP set up the modem, the brand, and if it provides any sort of firewall or network address translation. It probably does have remote management enabled, so that their tech support can reset or run diagnostics on your connection if necessary.
Probably still best to lock your router down anyway following the best practices. At least the bad guys should have a harder time getting into your router box and your private address space that way. That way if the modem ever got compromised, only your unencrypted network traffic on the public side of the router would be at risk. There are options such as VPNs that could ensure everything that goes out is encrypted, but at least you should already be using HTTPS, wherever possible these days anyway.