The router you have is a standard consumer home wifi router, so its default configuration should be safe to use, as long as you change the password to manage the router, and do not enable any unsafe practices like remote management etc.
First, be sure that the upstream device you are getting Internet through is connected to the Yellow "Internet" plug on the back of the device. This will ensure that folks upstream from you are outside the network your router is defining.
Home routers use a technology called NAT, that works with your firewall, to allow you to request resources from the Internet, without allowing people on the Internet access to your LAN. Be careful about technologies like Port Forwarding (sometimes called virtual services) and DMZ (De-Militarized
Zone), as those instruct NAT to let some unsolicited inbound traffic through.
Be sure to change your routers administrator password, and use a long/strong password to replace it.
Make sure people can't physically access the router. None of these protections (except the password change) will do anything at all if someone can just jack into the LAN.
Other than that, its about as good as you are going to get it. These devices won't stand up to serious scrutiny (nation-state level actors for instance) but will defeat the average adversary.
3Can you provide a network diagram? It isn't clear from your description how it's all connected. – Darren – 2017-03-06T13:41:49.533
1A generic answer to your question (can a router be illicitly managed via a connection to the WAN), is "Mabey". There have been a number of cases of individual router models being vulnerable to exploits that allow illicit management, and there is always the possibility that you have misconfigured it. so based on what you have told us, that is the best and most accurate answer you can get. – Frank Thomas – 2017-03-06T13:48:53.530
Thanks Frank. I cleaned the devices list and rebooted the router. Then, it is gone. What really concerns me is that the MAC filter only work for limiting wireless access right? So, there is no way to stop any intruder getting in via the LAN? – Jenni – 2017-03-06T13:56:31.150
well, other than your firewall or NAT policies. how is your router configured? you are correct MAC whitelisting only applies to wireless on most consumer grade routers. – Frank Thomas – 2017-03-06T13:58:08.267
Well, I am not really an expert on this. What shall I look for? Everything is as per factory default expect I have changed the SSID name, router password, account password and MAC filter. It is a Linksys AC1900. – Jenni – 2017-03-06T14:06:43.110