this is definitely a backdoor, not necessarily that they use it to infiltrate users but definitely they put them at risk.

reminds me of a bug I found in some tplink router it compared passwords of 3 different users but that table was empty so basically 15 NULL bytes would log you in as admin lol