

In such a system, the ESP32 fully trusts the host. If an attacker maliciously gains control over the host system, they could potentially issue these debug commands to influence ESP32’s behavior. However, an attacker must first compromise the host device, making this a second-stage attack vector rather than a standalone vulnerability. Or, gain a physical access to the device to send the HCI commands over serial interface.
Does this even count as backdoor? Not really if you have to have access to the device in the first place.
A another tool which whole point is to prevent any change from happening in the name of security. Not only will it not succeed, but because the powers that be want to build dams and not solve contradictions underlying the problem, they will just make the end result more abrupt, violent and bloody.