There totally is authenticated RCE, for instance a PHP page that contains a RCE but needs a prior authentication to access the resource.

All RCEs are classified in either unauthenticated or authenticated, the former being the worst (or best if you're a researcher/hacker).