The router itself is being broadcasted over the internet for remote management, so anyone with my IP could log into the router. Even though I don't have it enabled it, it's still being accessible over the internet. I've changed the password from the default "admin" to a more secure one (numbers/letters). However it's still irritating in the potential security risk I'm feeling.
In the UK, using the router DSL-2740B on firmware revision EU_2.95.
Thanks.