Something opened my router's status page while I was away
Solution 1:
It's not possible to definitively say that a certain thing caused it, but we can speculate about why.
A malicious program could have discovered your router's address by looking at your computer's current default gateway (e.g. by parsing the output of ipconfig
). Since most consumers' default gateways are small-office/home-office routers, it's a good bet that there's a web interface there. Getting control of a router would be very good for an attacker because the hacker would then have the option of flashing a modified, malicious version of its firmware onto it. If your router gets compromised in that way, it can be used by remote adversaries to mount all kinds of attacks on all the devices on your network.
A program could make web requests to the router directly without trying to go through the very fiddly process of automating a browser's UI. Therefore, it seems more likely to me that if there was an attack going on, it was being perpetrated by a person, maybe hoping to use an authentication bypass exploit.
It would be a good idea to run a scan for malware on your computer. (I like MalwareBytes.) Also check your router's configuration to see if there are any undesired/unnecessary forwarded ports.
In the future, you might be able to get useful information from the event logs if you enable process auditing. You could also look through the Security event log for event 4624 (logon), which for RDP connections specifies the remote IP address.
Solution 2:
The OP saying the modem rebooted/the Internet was down is a strong clue. Many ISPs/cable modem vendors, including the one I use at home, are using the WISPr protocol when the modem has an issue, for the customer to see an error in the browser.
In Apple devices, it is "automagic", in Windows or Linux, it should be enough to have Firefox running in background for a WIPSr message to open a web page.
See my anwer at How does Firefox know my ISP login page? for more details.