Reporting a security vulnerability to an independent hotel.

I was staying at a mom and pop hotel in the middle of the woods. Their WiFi went down and no one from front desk picked up.

I went to default router IP Noted the make of router Tried default user/pw combo, it worked. I rebooted the router, net came back up. Left admin page.

A few questions:

1. How big is this vulnerability if I was a malicious actor to, A. The hotel B. The guests

2. Chances of legal action against myself for doing this without prior authorization

3. Chances im wasting my time and it will fall on deaf ears if reported