Nintendo Patches ENLBufferPwn Vulnerability that Could Lead to Complete Console Takeover

Nintendo has issued a patch for a high-severity vulnerability that would have allowed attackers to completely take over Switch, 3DS and Wii U game consoles.

High-severity vulnerabilities often receive names, and the same is true for this one. It's called ENLBufferPwn, and it has been known for a while. In fact, Nintendo already issued a patch for Mario Kart 7, which was initially launched in 2011, trying to fix the ENLBufferPwn vulnerability. As it turns out, the vulnerability is present in multiple other titles.

According to a NintendoEverything report, numerous other games have been patched for this vulnerability, including Mario Kart 8 Deluxe version 2.1.0, Animal Crossing: New Horizons version 2.0.6, ARMS version 5.4.1, Splatoon 2 version 5.5.1 and Super Mario Maker 2 version 3.0.2.

Unfortunately, the vulnerability affects some games that might be impossible to patch after so many years, but the list of patched titles is already available on the official GitHub page for ENLBufferPwn.

"ENLBufferPwn is a vulnerability in the common network code of several first-party Nintendo games since the Nintendo 3DS that allows an attacker to execute code remotely in the victim's console by just having an online game with them (remote code execution)," reads the GitHub page.

"It was discovered by multiple people independently during 2021 and reported to Nintendo during 2021 and 2022," the researchers added. "Since the initial report, Nintendo has patched the vulnerability in many vulnerable games. The information in this repository has been safely disclosed after getting permission from Nintendo."

The vulnerability itself is dangerous, but it needs to be chained with other OS vulnerabilities to lead to a complete console compromise.