Nintendo has patched a severe vulnerability that has been found in a few Nintendo Switch, 3DS, and Wii U games that could have given hackers and attackers the ability to "achieve full console takeover".
This breach in Nintendo's security has mostly been patched up from our research, but there are still a few games they are working to get squared away. The breach was found back in 2021 by PabloMK7, Rambo6Glaz, and Fishguy6564. This vulnerability was said to be so severe, it was given a 9.8/10 in the Common Vulnerability Scoring System Version 3.1 Calculator, also known as the CVSS v3.1.
So what was this huge exploit? The exploit has been titled "ENLBufferPwn", and it allowed hackers to seemingly take over a player's entire console remotely by simply playing a game against them online or with them in a match. That means that players were exposed to losing control over their console just by playing the games they know and love. So far, the games affected were Mario Kart 7, Mario Kart 8, Mario Kart 8 Deluxe, Animal Crossing: New Horizons, ARMS, Splatoon, Splatoon 2, Splatoon 3, Super Mario Maker 2, and Nintendo Switch Sports. This is all according to the GitHub page created by PabloMK7.
At this time, these are the games known to be affected by the breach, but at the time of writing we are unsure if anymore have been confirmed or patched up previously. It is also worth noting that both Mario Kart 8 and Splatoon on the Wii U console have yet to be fixed, and those who actively play the game should be aware that they are still vulnerable. One would assume there are more games that might be at risk of this exploit, but again that is not currently confirmed.
Those who brought this issue to the Nintendo's HackerOne program's attention were graciously rewarded $1000 in return for their good deed, and hopefully others that spot exploits like this will bring it to the programs attention as well to keep their fellow gamers safe.
