RCE as root is already the worst case though. The auth bypass is basically just a convenience feature of the backdoor. So yeah it's mildly interesting but not really a new development of the story.