Random open ports, UPNP enabled when you don't want it, remote administration enabled. If you are this paranoid, then flash the router with manufacturer firmware and do a factory reset. Then secure it before connecting it to any WAN. Or buy a new one, secure it, and throw this one out. I don't have any magic words to lessen your suspicions.