Most likely you just accessed it from your local network? If the IP address is not 10.x.x.x, 192.168.x.x, or 172.16-31.x.x then you should log into your router and turn off remote access. Many routers have the ability to managed from the open internet and not the local network which opens them up to brute force attacks among other things. I'd start by making sure you can only access the router from the local network.
Second, when you go to that site do you have to provide a password? Has it been changed from the default? If not, change this password. Routers have gotten better in past 3 years about not using the same default password across all the devices, but it's still worth checking and changing.
If you do this, you should be pretty protected from rogue log in. Interestingly, most routers have logs also, if you dig around you can find them and probably see who and how many times someone might have tried to log into your router.
For reference, here is how to find the enable/disable button for remote web access: https://www.microcenter.com/tech_center/article/8339/how-to-set-up-remote-access-on-a-tenda-fh1201
And to answer the final question, if someone can access the router from the internet and changes the settings to allow them inbound access to your network: yes they can attack all the devices on your local LAN. There are multiple ways this can look