It appears that Nintendo has been silently working behind the scenes to keep 3DS, Wii U, and Switch players safe from a “severe” exploit while they are gaming online.
The recently-uncovered exploit, titled “ENLBufferPwn”, allows hackers to remotely execute code in a victim’s 3DS/Wii U/Switch system by simply sharing an online game session in first party 3DS, Wii U and Switch games. This essentially allows a “full console takeover” where a hacker can steal sensitive information or take audio/video recordings from the victim’s 3DS/Wii U/Switch system.
This security vulnerability is considered so serious that it has been rated with a “critical score” of 9.8/10 in the Common Vulnerability Scoring System Version (CVSS). It was apparently reported via Nintendo’s HackerOne program sometime in 2021/2022 by @Pablomf6, who received a $1000 “bounty” as a reward for doing so.
Since then, it is understood that the following titles are affected by the exploit, with Nintendo attempting to patch it out (list courtesy of PabloMK7, Rambo6Glaz, and Fishguy6564):
It is unknown if any other Nintendo-developed games are affected by the issue. We’ll report back if we hear more in the future.
Ahead of the game's release next week, eagle-eyed fans may have discovered the developer behind…
Earlier this week, Nintendo filed a lawsuit against Palworld creator Pocketpair, alleging that their game…
Publisher indie.io and developer Maple Powered Games have released a new trailer for G.I. JOE:…
Netflix has announced the premier date for their upcoming anime series based on Devil May…
Publisher Square Enix Collective and developer FuturLab have announced the release date for the “‘Shrek…
The Pokemon Company has released a new promo for Pokemon Trading Card Game Pocket. This…