I know they log the WAN MAC address and can figure out the
manufacturer with the OUI, what about the router host name and other
MAC addresses like the LAN and wireless MAC?
The short answer: Depends on the ISP. In general ISPs mainly track your usage and habits. This article on Lifehacker gives a good overview of the type of tracking that can be done on your usage without going past the WAN connection.
But as far as breaching past the WAN connection and into your LAN? Well, in general one should assume their ISP is operating within basic common carrier rights & privileges. Meaning they just won’t probe your internal router info. Which they honestly can’t if you are using a store-bought router hooked up to their network.
The “if” comes from users who use ISP-provided equipment, such as combo modems/routers. If it’s the ISP’s equipment you need to assume they are retaining some root-level control on the device so they can handle remote firmware upgrades.
Here in NYC I seem to recall Verizon bricking tons of modems with a badly deployed firmware push about 10 years ago. I did dig up this article on how Comcast pushes (or pushed?) firmware updates. And I found this article on how British Telecom’s router firmware seems to set up a management IP address explicitly for “firmware” updates, but then again who knows how much access they have with that level of access.
Robert Graham of security firm Errata said that many Internet service
providers make custom firmware for the modems they sell, and this
typically has a management “back-door” so that the ISP can monitor or
control the modem.
So if you are truly worried about an ISP-provided piece of equipment going past the WAN and into your network, then I would recommend seeing if that ISP device can be made to behave like a modem in “bridge mode” and then purchasing another router that would connect to that modem and handle all routing. That way all of your network’s “heavy lifting” happens on equipment you have purchased and you control.