What will you recommend to do to make my router less vulnerable? I want to make it as secure as possible.
P.S: CSRF in admin panel available?
This depends in which way you want to secure it 
, and the view what the minimum tolerance of security should be.
By default the routers should be very secure already from the outside, the only thing you might want to disable is ping from the outside.
you can choose in luci wether how far you want to leverage ssh or disable it fully, i often choose to use ssh for my management network with key authentication rather than passwords due to my experience with servers, though since it is a router and not a server I’m okay with it to have things under root user because i do not have much services open on the internet, ssh is local for me, if i use remote services i shield it with a vpn server and a preshared key 
For iot devices you may want to use the guest network feature or isolate them via vlans, you may choose wether you also want to block the web ui from that subnet.
But with the default settings you should also be okay 