This isn't anything like the HG612 issue whereby we were wanting info on the LAN side for line stats. With the HG612, we had a separate router for which the PPP login info was configured. The reasons why the HG612 was hacked was for linestats at a time when you could if you liked use your own hardware.. but back in 2012 there were very few VDSL routers available. Unlike now, whereby theres probably 100+ modem routers to chose from, back then there were only about 2, both of which cost several hundred pounds.
New f/w is unlikely to be the solution. The user login info appears to be held in an encrypted (ie secure & unreadable) config file. This data will be different for and unique to each individual user.
With sky routers they also broadcast this info on the LAN side so if you capture packets you can get your login data.
However with vodafone the data isnt broadcast so that leaves a big problem which is how do you capture packets to sniff data that is going out on the WAN.
What the guys are trying to do is find a way to sniff data being sent out from the WAN side of the router to Vodafone. The problem is how do you do that, because unlike trying to sniff something on the LAN side, you cant put a laptop running wireshark between the modem and vodafone on the internet side.
What we don't know is how the HHG2500 is getting that login info in the first place. It could come shipped with it, but possibly most likely is the first time it connects it will be sent that info by TR-069/TR-064 probably based on the routers MAC address.
Its then stored in the config file, but because its encrypted there's no way of finding out what that info is. Even if you look at the data (which is possible by looking at a backup config) encryption means that the user info is gobbledygook and unreadable.
I believe Plusnet do something kind of similar based on the routers MAC address that is then tied to the user account so that the first time they connect, TR-069 will automatically config the router with the correct login info. Big difference though, is that (1) You can turn this off in the PN customer portal if you use your own modem (2) They are quite happy to give you this info as its based on your account settings and not some obscure number.
I was myself considering vodafone a few months ago, but the prospect of only being able to use their HHG2500 was a big turn off.
There were a couple of other things such as the non-avoidable setup fee, which pushed up the first year costs quite a bit therefore not as big as a saving as it first appears... and the fact they use Standard rather than Speed DLM.