Nintendo Switch users alerted to critical vulnerability in games

A critical vulnerability has been discovered in select Nintendo Switch games, as well as 3DS and Wii U games. Dubbed ENLBufferPwn, the vulnerability opens users of these Nintendo devices to hackers who only need to share an online game session with their victim to gain access to their device. According to the CVSS 3.1 calculator, the problem is 9.8 on a 10-point scale. In other words, it’s a very serious issue. Fortunately, Nintendo is aware of this and is slowly addressing the issue.

On Twitter, the famous home brew Nintendo 3DS developer passed on word of the problem in a recent thread. According to the developer, it’s an issue encountered by “many” Switch, 3DS, and Wii U games that “allow remote code execution in the victim’s console,” potentially leading to the console being taken over entirely. Of course, this can lead to various problems, including theft of your sensitive information.

“Here is ENLBufferPwn (CVE ID Pending), a critical vulnerability in several first-party 3DS, Wii U and Switch games,” the thread reads. It allows remote code execution in a victim’s console by simply conducting an online game session with an attacker. Combined with other operating system exploits, this vulnerability could allow an attacker to achieve complete takeover of the console, stealing sensitive information or taking Audio/Video Scores. It scored 9.8/10 (critical) on the CVSS calculator 3.1″.

The thread continues, stating that Nintendo, aware of the issue, has released patches for affected games throughout 2022. It was able to do so because the issue was found in 2021, and reported to Nintendo via a reward system. When providing an example, the developer reveals that he found the problem in Mario Kart 7 and was paid $1,000 for porting it to Nintendo.

At the time of publication, there are still games that suffer from the problem and there is no word on when that will change. In fact, Nintendo hasn’t given a hint about any of this, at least not via its official PR communication channels. If this changes, we’ll be sure to update the story accordingly. In the meantime, for more coverage on all things Nintendo — including not just the latest news, but the latest deals, rumors, leaks, and even speculation — click here.


(Visited 15 times, 1 visits today)

Related posts