It's true that if there's a vulnerability discovered, and you have 50000 modems with the vulnerability, you cannot wait for the modems "to be hacked" to act. It is reasonable to try to replace EOL modems ASAP.
In this scenario do you honestly believe the best course of action is to insert a popup on web pages? If you are truly concerned you will act to preserve your network for all customers by blocking traffic from the problematic modem and then call the person. This is legally less risky than doing traffic inspection. (Losing common carrier status would be a very big deal.)