[OP here]
Just some minor follow up:
- The tech was able to swap out their RG with the modem-only one that I had sent (after making a couple phone calls). It didn't seem like they could provision a user-supplied modem remotely for some reason, but it also sounded like maybe this wasn't something they normally do, if ever.
- The outgoing RG was an Evolution Digital EVO3000GW. The screenshots that dropped were meant to show me attempting an admin password change, and it not letting me.
- AFAIK, no WAN ports were open, but UPnP was on by default. I neglected to do a port scan on the WAN port before the equipment swap, but that probably would've been prudent.
- Sorry for not being clear about this before, but I'm fairly remote (~5 hour drive), so my mom was acting as remote [somewhat arthritic] hands in all this.
- Since I'm remote, I had previously sent a raspberry pi that is running both pi-hole (to mitigate the possibility of her or her partner clicking on a malicious ad or pop-up that may compel them to inadvertently connect with a call center scammer again) and ZeroTier. I use ZT to log in to this device, which double NAT breaks, which is why I brought that up. Totally understandable that most average customers don't use this, and a double-NAT situation is probably fine for my mom's demographic. That said, to be sure, the much bigger issue is that they're provisioning CPE with an unchangeable "password."
- I understand that this forum may not be quite the right fit for a post like this, and am looking for others that may be more appropriate. My hope is that this eventually gets to someone at Yondoo, or parent Mid-Atlantic Broadband (AS29914), since something like this probably falls outside of the wheelhouse of their tier 1 support, which was all we could get a hold of.
Thanks to everyone who's responded -- I value all of your input.
Cheers,
Todd