What is a NBN "FTTC Connection Device"?

What is the generic name for this device? E.g., a router might be called a Nighthawk AX4 4-Stream WiFi 6 Router, but its generic name is just a router.

It is a modem.

On NBN FTTC, this is also known as the NCD.

I should also note that the "Nighthawk AX4 4-Stream WiFi 6 Router" you mention is actually a combination of a router, switch, and wireless access point. Many similar devices also include an ADSL or VDSL modem (which works on NBN FTTN but not FTTC).

What does this device actually do? Obviously it connects me somehow, but I'm after a more thorough answer.

More specifically, it is a VDSL2 modem preconfigured for NBN FTTC. Like any other modem, it acts as an interface between the analog signal travelling along the copper pair (your house lead-in) from the DPU in the pit, and an Ethernet network. On the OSI model, it acts on layers 1 and 2.

The DPUs are actually reverse-powered, which means your NCD is supplying power to the hardware in the pit. On first connection, this triggers the DPUs to disconnect you from the old phone network.

The modem also includes hardware for G.fast, though the aren't any concrete plans for that to be activated yet. Newer NBN FTTC DPUs also include G.fast hardware.

Specifically, this is custom made for NBN Co by NetComm.

Is there a way to administer this device? Routers are usually administered via a web interface accessible via http://192.168.0.1 or something equivalent.

The device certainly can be administered, but NBN Co in their infinite wisdom have decided to lock it down. You will not have any access from the local side.

What are the security implications of this device's presence? The opaqueness is certainly worrying

It can be considered as much a part of the ISP (NBN, not your RSP) network as the DPU in the pit outside, or whatever they have in their POIs. There's not much you can do about it. One hopes that they have properly secured the remote management interfaces (via VLAN or otherwise) but there is no easy way to prove it.

As a vague hand-wavey guess, it should generally be no less secure than the FTTP NTDs they provide.