A severe vulnerability has been discovered in select Nintendo Switch games, as well as 3DS and Wii U games. Dubbed ENLBufferPwn, the vulnerability opens up users of these Nintendo devices to hackers who only need to share an online game session with their victim to access their device. According to the CVSS 3.1 calculator, the issue is a 9.8 on a 10-point scale. In other words, it’s a very serious issue. Thankfully Nintendo is aware of it and slowly addressing the problem.
Over on Twitter, a well-known Nintendo 3DS homebrew developer relayed word of the issue in a recent thread. According to the developer, it’s an issue plaguing “many” Switch, 3DS, and Wii U games and “allows remote code execution in a victim console,” which can lead to the console being completely taken over. Of course, this could lead to various issues, including your sensitive information being stolen.
“Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first-party 3DS, Wii U, and Switch games,” reads the thread. “It allows remote code execution in a victim console by just having an online game session with an attacker. Combined with other OS exploits, this vulnerability could allow an attacker to achieve full console takeover, and steal sensitive information or take audio/video recordings. It has scored 9.8/10 (Critical) in the CVSS 3.1 calculator.”
The thread continues, noting that Nintendo, aware of the issue, has been releasing patches to games affected by the issue throughout 2022. And it’s been able to do this because the issue was found in 2021, and reported to Nintendo via a bounty system. Providing an example, the developer reveals they found the issue in Mario Kart 7 and were awarded $1000 for relaying it to Nintendo.
Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker.
Vulnerability report: https://t.co/QbvXKQLeDf
— PabloMK7 (@Pablomf6) December 24, 2022
At the moment of publishing, there are still games plagued with the issue and there’s no word of when this will change. In fact, Nintendo hasn’t said a peep about any of this, at least not via official PR communication channels. If this changes, we will be sure to update the story accordingly. In the meantime, for more coverage on all things Nintendo — including not just the latest news, but the latest deals, rumors, leaks, and even speculation — click here.
This news is republished from another source. You can check the original article here