No, this time the issue was of the PEBKEC type.
I tried to set a password at the first login (following a "standard" common to most devices) instead of a blank one.
I thought that it could be an issue related to a wrong password but I was expecting a http 401 error, not a "Bad Request".
Anyway, with a blank password, all is working now!
It begins my very first experience with OpenWRT.
the previous vendor firmware in this case is a modified OpenWRT image, which uses the same cookie name as a login session as a pure OpenWRT image.
When you flash OpenWRT from the vendor image, there is no formal logout, therefore the now stale session cookie stays in the browser (for a firmware that now no longer exists).
You most likely have not closed and reopened the browser, when you then have experienced the bug. But most likely have closed and reopened the browser, when you were later on able to login flawlessly with blank password into OpenWRT.
I have never verified it: but closing browser, reopen it after flashing factory image from vendor firmware should effectively avoid the issue.
Really possible.
To avoid any cache/cookie/serviceWorkers issue I eventually used a dedicated browser tab (using Firefox + Multi-Account Containers extension) so it was like a new browser.
I couldn't close the browser since I had some job opened.