I,m IT Expert ... but finally i find out that not possible !!
Very fun... Generally I agree with you - everything can be hacked.
Question only in resources spent (time, money, equipment etc)
0. Use non-standard ports.
1. Use VPN for access. To hack proper vpn much more harder then hack telnet or http protocol.
2. Use HTTPS - even if open port to hack it not so easy. Sure you must use proper certificates not just open port.
3. Use Whitelists
4. Use Port-knocking technique. For paranoiacs - with complex 3-4 stages logic %))
5. Add some intelligence to router by detecting brute-forces. In my block-list I have usually ~5000 blocked ips.
6. The same as previous but use external sources for blacklists. I saw such lists with auto updating scripts here in the forum.
7 don't use stickers with passwords on you monitor or something like that %)
and if use all 0+1+2+3+4+5+6 then instead to directly hack you router will be much easier hack system administrators with Rubber-hose cryptanalysis ( in Russian as терморектальный криптоанализ ) ...For usual office/home router it is enough 2-3 methods from listed above.
And don't use http, telnet, ssh for accessing your router globally (and sometimes - locally) at all.
Don't use https, WinBox without additional protections from listed above.
Put all Internet globally exposed services each in own DMZ zones. In such case if somebody hack your server it hack only this server without any additional access to router or internal network.
With WinBox straightness - difficult to say due to its proprietary protocol...
Yes, I know people tried reversed engineered it (for creation custom applications), it can be analysed but in 99.99% nobody will do it.
Specially for Expert - give full access to router via WiFis not good idea...