How does Comcast know my WiFi password?
The PSK passphrase is (by design) stored in a retrievable format by the Modem vendor, in this case Arris, but the same standard is supported by many other modem vendors. In DOCSIS cable modems this is most commonly done via SNMP against this specific OID:
clabWIFIAccessPointSecurityKeyPassphrase OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..63))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is defined in TR-181 Device.WiFi.AccessPoint{i}.Security.KeyPassphrase."
REFERENCE
"TR-181 Device Data Model for TR-069."
::= {clabWIFIAccessPointSecurityEntry 5
This is part of the CableLabs WiFi MIB, which is is in turn based on the TR-069 sub-standard of TR-181.
Not only does this apply to cable modems, but many DSL and FTTH endpoints will also allow the service provider to retrieve your PSK passphrases and a litany of other settings.
This allows for end users to have their settings backed up in case of a device having to be replaced or much more commonly for call centers to be able to retrieve some of the settings, like the pass phrase, when a customer calls in because they can't remember it.
I believe Arris routers store passwords in plain text (or some reversible encoding). Therefore your ISP just has to read the file where this is stored on your modem.
https://blog.korelogic.com/blog/2016/02/12
Are you sure that what you are viewing is actually hosted remotely? Some routers will redirect a certain webpage to an internally hosted page, essentially hijacking the connection. They do this because it's easier to remember to connect to customer.xfinity.com
than it is to remember that you need to type 192.168.1.1
into your browser. If this is the case, Comcast does not actually know your password.
You can test if this is the case by visiting this page from another system that is not behind your Comcast router. If the network name and password are not displayed even after logging in, then you will know that it was only your router redirecting to an internal page. If it does show this information despite you not being on your own router, you will know that Comcast does in fact know your plaintext password. In your particular case, it's unlikely that the router is redirecting you because the site you have visited is showing HTTPS, which provides encryption that makes such redirections infeasible.
If Comcast does know your password, then it is because the router is transmitting it to them, most likely by using CWMP, a remote management protocol from TR-069. This is supported and usually enabled by default on vendor-supplied modems and can allow an ISP to retrieve data from the router, like the key.