Hi Anime4000, thanks a lot for the nice discovery and update there.

You did a spectacular job discovering the real hardware behind the Riger DB120-WL Silver Coloured Lunchbox modem.

It's quite a good hardware actually which TM probably made it right out of so many hardware releases if people actually know how to tune(configure) it properly.

I might want to cross flash it to the official TP-Link firmware in future after the warranty has expired.

Meanwhile I only have 1 modem without a spare, so need to take care not to mess much with it yet.

My solution is rather simple approach to patch and remove all the backdoors contained in TM's cutomized firmware.

Here's what I did:

1) Disable Wireless Radio Fully In The Modem (Uncheck the Function)
This turns the modem into a 4 port switch Wired-Only Router Modem.

DHCP Server/Assignment for the TM modem is still left intact so I got myself those cheap TP-Link wireless router in the market disabled DHCP function in them so use them as strategic APs in my house. Anything with Wireless-G/150N is good enough.

With my Wireless APs, plugged into the ports 1-4(either one) of the TM DB120-WL 4 port switch modem, I can turn them off/on as I like with each having secure WPA2-AES access. Mostly I'm on wired, so they are turned ON when I have guest/need access for my mobile devices.

2) Under Access Management Tab

i) Under ACL, Delete Interface 3 For WAN Remote Access, but keep
Interface 2 for WAN Ping (Just Disable It For Future Uses)

Then Deactivate ACL totally with the main radio button above.

ii) TR-069
Deactivate It.

I can only think of those being security weakneses of the modem.
The other stuffs like changing the default access password, MAC filtering, and using stronger wireless encryptions are normal routines to protect your hardware from remote access.

Thanks to your post, I think I now know which modem to get for replacement just in case the stock TM modem dies.

Get the TD-W8951ND

If I'm not mistaken this is the only TP-Link ADSL2+ modem with wifi router which its firmware supports PPoEv6 in the market. The other TP-Link single port bridge modem that has PPPoE v6 does not have wi-fi router function.

Yes just disable the UniFi router's DHCP Server and plug it into any of 4 ports of the Riger modem/router.

By doing so, it will become a dumb AP and repeater switch while the routing function still is handled by the Riger.

Amateurs who are attempting this.

Please be careful on what you're doing.

Always refer to the make brand and model number at the top left of the modem front face labelled in white.

It only applies to Riger DB120-WL.

TM is using a universal design silver casing for all their modems and routers now. That includes their ONTs, home gateway routers and STBs.

There's also the Innacom ADSL2+modem that is also in distribution now which looks excatly the same as the Riger DB120WL but slighly smaller in size.

Do Not Attempt The Firmware Upgrade On This Model

Always confirm your modem's make/model before proceeding.