If you have a hardware router between your network and computers the only way they can hack your computers are:
- If you have port forwarding setup to your internal computers where the port forward goes to an insecure application.
- If you do not have port forwarding setup, then they can only set it up remotely if you have remote web management enabled. They could then potentially hack your admin login, if the password is easy, and configure port forwarding to your internal computers.
- If you have remote web management and port forwarding off then you are secure
You are an internal ip address, which means they cannot access it directly over the internet unless you have it configured for port forwarding. See above. If they do get access to your machine, then yes they can see where you go and possible get usernames and passwords.