0001それでも動く名無し
2023/01/09(月) 07:54:22.64ID:CCjcnyT8aENLBufferPwn is a vulnerability in the common network code of several first party Nintendo games since the Nintendo 3DS that allows an attacker to execute code remotely in the victim's console by just having an online game with them (remote code execution). It was dicovered by multiple people independently during 2021 and reported to Nintendo during 2021 and 2022. Since the initial report, Nintendo has patched the vulnerability in many vulnerable games. The information in this repository has been safely disclosed after getting permission from Nintendo.
The vulnerability has scored a 9.8/10 (Critical) in the CVSS 3.1 calculator.
Here is a list of games that are known to have had the vulnerability at some point (all the Switch and 3DS games listed have received updates that patch the vulnerability, so they are no longer affected):
Mario Kart 7 (fixed in v1.2)
Mario Kart 8
Mario Kart 8 Deluxe (fixed in v2.1.0)
Animal Crossing: New Horizons (fixed in v2.0.6)
ARMS (fixed in v5.4.1)
Splatoon
Splatoon 2 (fixed in v5.5.1)
Splatoon 3 (fixed in late 2022, exact version unknown)
Super Mario Maker 2 (fixed in v3.0.2)
Nintendo Switch Sports (fixed in late 2022, exact version unknown)
Probably more...
https://github.com/PabloMK7/ENLBufferPwn
