0 sats \ 0 replies \ @ZezzebbulTheMysterious 3 Sep 2024 \ on: D-Link says it is not fixing four RCE flaws in DIR-846W routers security
These all look like authenticated routes, and standard OS command injection stuff. Typical of a lot of home routers.
You can probably flash alternative maintained firmware on these 2020 EOL devices.
The thing about home routers, they likely only have a single cred anyway, everything runs as root, so if you have root creds for web/http api you probably have code exec permissions anyway.
Don’t bind your management port to the WAN interface. Use strong creds on the router (never use default, even if it looks “random”, it’s possibly a function that takes the MAC or other public data, which can be derived by the attacker).