3

What are the risks when someone (maybe a hacker) gets the WPA or WEP key of my router through social engineering and (obviously) can browse the internet?

At this point, what can this hacker do? Can he do some kind of work on my router if my router is locked with a user name and password?

Luc
NathanWay

3 Answers

7

If the attacker is sufficiently close to the access point and can connect to it, he can view all unencrypted network traffic that goes past your router by using a packet capture utility like Wireshark. Although WEP adds a slight barrier, it's still easily decipherable even by unauthenticated users.

On a side note: WEP has been shown to be completely broken. Any attacker close enough to your WEP-secured access point can extract the key just by packet captures - typically within minutes (without any social engineering). That's why it's important to use at least WPA2 to secure your network.

To answer your other question: Once the attacker is on your network, he can launch a brute-force attack on the router login credentials (no such attack is needed if your router uses default authentication credentials - a comprehensive list of default router passwords can be found here). Once successful, he has effectively "owned" your router and can even lock you out by changing the password. A comprehensive list of attacks on wireless networks and their users can be found here.

  • Good answer, but my question is: once he's inside, what can he do? Install some kind of malware? Redirect traffic? Can someone really do that? – NathanWay Mar 02 '16 at 03:26
  • @NathanWay Theoretically worst-case-scenario possibly pivot through your network and pop admin shells. (Full compromise). Not a good idea to give a hacker your WPA key. – Henry F Mar 02 '16 at 03:59
  • @NathanWay - I think Jared is correctly saying that they can do anything that an admin can do to your router. That likely includes firmware updates which may allow for installation of malicious code. They can also set many network settings that would cause your network connections to be exposed, redirected, or otherwise monkeyed with. – Neil Smithline Mar 02 '16 at 03:59
1

WEP can be cracked by generating data communication with your router through empty ARP requests. That's why it's considered bad and shouldn't be used. It uses the RC4 encryption algorithm with the password you enter to generate a key. Something you should learn once you take crypto.

WPA will be harder, since they will need to brute-force the password, which will take a long time provided you have a hard password. They can also do targeted attacks on you and create dictionary files to use against you.

Once in your network they can monitor your traffic, use your internet for free, maybe even see what websites you visit and try some spear phishing on you. But besides that, I am not really positive about the other things they could do on your network once they crack your password. Oh, I guess they could change your router's password and mess with settings?

Thrall
1

After getting access to the key and connecting as a client to your router, the attacker can potentially launch a MITM (Man In The Middle) attack on your router using a technique called ARP spoofing.

https://en.wikipedia.org/wiki/ARP_spoofing

Consequently, if successful, he can get access to the traffic of other clients on the network. He can intercept and eavesdrop on traffic and, in some cases such as cleartext HTTP, he can modify it and inject malicious data.

Moreover, if the MITM attack is successful, the attacker can possibly intercept the credentials used to access the router, as in the case of the TP-Link WR740N router, which has an authentication system wherein the credentials are sent in cleartext (base64 encoded) and can be trivially decoded. He can use these credentials to gain access to the router, at which point he can launch other attacks.

Hope that helped.

racec0ndition
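Detecting the ARP spoofing described in this answer from the defender's side, as an added example that is not part of the original post: the script parses constructed ARP reply lines in the shape `tcpdump -n arp` prints (addresses are made up, and the gateway is assumed to be 192.168.1.1) and flags the two on-wire symptoms, the gateway IP changing its MAC and one MAC claiming several IPs.

```python
"""Detect ARP spoofing (the MITM technique above) from ARP reply lines.
Added example, not from the original post. Input lines are constructed in
the shape tcpdump prints for `tcpdump -n arp`; all addresses are made up."""
import re
from collections import defaultdict

# Constructed sample: the gateway 192.168.1.1 is really at ...:01. From line 4
# on, the host at ...:33 claims the gateway's and a victim's IP (ARP spoofing).
SAMPLE_TCPDUMP_ARP = """\
10:00:00.000000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
10:00:00.500000 ARP, Reply 192.168.1.10 is-at aa:bb:cc:00:00:10, length 28
10:00:01.000000 ARP, Reply 192.168.1.33 is-at aa:bb:cc:00:00:33, length 28
10:00:05.000000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:33, length 28
10:00:05.200000 ARP, Reply 192.168.1.10 is-at aa:bb:cc:00:00:33, length 28
10:00:06.000000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:33, length 28
"""

ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)

def parse_arp_replies(text):
    """Yield (timestamp, ip, mac) for each ARP reply line; other lines are ignored."""
    for line in text.splitlines():
        m = ARP_REPLY_RE.match(line)
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()

def detect_arp_spoofing(replies, gateway_ip):
    """Return alerts for (a) an IP whose MAC changes and (b) a MAC that claims
    more than one IP. A MAC change on the gateway IP is the classic MITM sign."""
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    alerts = []
    for ts, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append({"time": ts, "kind": "ip_mac_changed", "ip": ip,
                           "old_mac": prev, "new_mac": mac,
                           "severity": "HIGH" if ip == gateway_ip else "MEDIUM"})
        if mac_to_ips[mac] and ip not in mac_to_ips[mac]:
            alerts.append({"time": ts, "kind": "mac_claims_multiple_ips", "ip": ip,
                           "mac": mac, "severity": "MEDIUM",
                           "ips": sorted(mac_to_ips[mac] | {ip})})
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    return alerts
```

A repeated reply that matches the already-recorded mapping (the last sample line) raises no alert, so a steady spoofed state is reported once rather than on every gratuitous reply.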