What happens if you connect to the ports over the internet? 161 is an SNMP port.
TR-069 usies 4567 as part of the remote firmware upgrade functionality.
Being spotted on GRC scare site, is different to the device actually allowing anything over those ports.
Seen no objects by BT Retail to swapping out the HH3, and none to people swapping out Openreach modem. Though if ever reporting a possible fault, always double check with the original hardware.
3rd party router may have similar open holes. If people were exploiting the BT holes, then you can expect lots of publicity and work to resolve. If someone exploits poor security on provider XYZ hardware it might get a mention in the back of a dark hardware corner.