Probably been hacked. There was/is a bug with the security on some TP-Link routers that meant the password could be accessed via TFTP, decrypted then used to login and change settings.
Remote admin would have to be enabled for it to have been hacked.
The only work around is to only allow remote access from a single IP address.
The other possibility is that the config file is corrupt...
Either way a factory reset and re-configure will be needed.