![]() ![]() ![]() It seems Nintendo are finally taking action to protect 3DS and Wii U owners (malicious users could easily leverage the hack to permanently brick your console), by removing Online access for two of the still impacted games, Mario Kart 8 and Splatoon 1. Some of these videos have since been removed, but you can still find a few of them on youtube.ĮNLBufferPwn, is my Nintendo Switch at risk? Videos shared online at the time of the disclosure showed amusing (but concerning) videos demonstrating how easily someone could mess up your game simply by joining the same online room as you, and the exploit was also used to demonstrate the possibility to remotely install custom firmware on the console (full access to a console is a feature we generally like here at, but obviously not if it’s done without you knowing about it). Nintendo Switch Sports (fixed in late 2022, exact version unknown).Splatoon 3 (fixed in late 2022, exact version unknown).Animal Crossing: New Horizons (fixed in v2.0.6).Here is a list of games that are known to have had the vulnerability at some point (all the Switch and 3DS games listed have received updates that patch the vulnerability, so they are no longer affected): The vulnerability has scored a 9.8/10 (Critical) in the CVSS 3.1 calculator. The information in this repository has been safely disclosed after getting permission from Nintendo. Since the initial report, Nintendo has patched the vulnerability in many vulnerable games. It was discovered by multiple people independently during 2021 and reported to Nintendo during 20. From the initial disclosure:ĮNLBufferPwn is a vulnerability in the common network code of several first party Nintendo games since the Nintendo 3DS that allows an attacker to execute code remotely in the victim’s console by just having an online game with them (remote code execution). (Switch is less impacted because running arbitrary code through a game exploit is much more difficult there). It was disclosed back in December 2022 and it appears Nintendo haden’t fixed all the games at the time, in particular older games running on their older generation consoles (whether for financial or technical reasons is unclear).ĭue to older and less secure code stacks, the 3DS and Wii U are particularly impacted by the hack which allows a malicious user to take control of these consoles remotely, simply by joining the same game as you. What is ENLBufferPwn for Nintendo Switch, Wii U, and 3DS?ĮNLBufferPwn is a hack impacting first party Nintendo games on 3DS, Wii U, and Switch. Officially for temporary Network maintenance, but it’s likely they are (finally) looking into the impact of the ENLBufferPwn, an unpatched exploit on 3DS/Wii that allows attackers to take remote control of your console simply by joining the same online game as you. ![]() Nintendo have taken down the Wii U Servers for Mario Kart 8 and Splatoon 1. ![]()
0 Comments
Leave a Reply. |