These malware seldomly work that way. They find a way in and remember that way in the malware cloud and if they get kicked out by a power outage they try the same way again.
This usually happens within minutes of power on if the way in still stands, which it usually does after a power outage.
A case that it would sleep for a day or weeks inside the router. Well it could theoretically happen but have anyone heard about a single case of that happening?
I assume this person isn’t a government prioritized target that will be hit with the latest and best shit the cyberforce can bring to bare on this poor homerouter.
It would be more likely that the malware then lives in some lan device brought home from the usual daily surf and attack the router from within. So if we are so paranoid then all IT equipment at home must be destroyed.
But my recommendation stand fast, wait and observe what happens.