If the published config for your router is complete, then your router is probably already hacked because you don’t have any firewall protection. I suggest you to start from default firewall filter list, it is a decent starting point.
Anyhow, MT routers perform two (very) distinct tasks: routing and firewalling. Your router right now does the routing between all of its interfaces which have IP addresses set, VLANs included. What your device is not doing right now is firewalling - essentially that’s blocking unwanted (forbidden) connections which might include all connections between e.g. VLAN 7 and VLAN 10. So you’ll have to construct some appropriate chain=forward action=drop rules.
After you grt that sorted out, you can go back to configuring VLANs on your AP … the way you have it now is overly complicated. I suggest you to study this thread, it makes a very nice tutorial.
You could convert config of router as well, but this one is not that ugly 