A while back I wrote a script to restart my Motrola SB121 Cable Modem if it couldn't connect to Google. It worked by sending a GET request to 192.168.100.1 (the modem's default internal IP) for reset.htm.
Today I saw an article referring to David Longenecker's blog Security for Real People detailing how the lack of authentication was liability.
In short, not only can anyone on your network access this, but the user can be tricked on clicking on a link to the button or a visiting a page with an image tag pointing to the link
the browser will automatically generate the request.
You may be able to configure your router to redirect or block these requests.
It seems unlikely that any kind of patch will be released for the affected modems, but the main takeaway for me is that this is yet another reason to use NoScript. The ABE protection will automatically block this and other types of malicious links as shown below.