image

You might have noticed that Nintendo has been updating some older games recently. We’re talking about updates for games that haven’t received patches in years, such as Mario Kart 7. We all suspected this was due to some sort of considerable issue or exploit that Nintendo discovered, and now we have a bit more insight.

It turns out these updates were indeed tied to an exploit, and in some cases, games could be messed with simply by playing them online. In particular, Nintendo has been releasing patches to take care of the “ENLBufferPwn” exploit, which is rated a 9.8 / 10 (Critical) on the Common Vulnerability Scoring System (CVSS) scale. This exploit is quite a scary one, as it can pave the way for a third party to fully take over your hardware. Doing so would let the ne’er-do-well access your stored payment information, as well as use the 3DS and Wii U built-in cameras/microphones to record audio and video. Worst of all, this could happen with the user being none the wiser.

Games that could be impacted by this exploit are as follows. Please note that the Wii U games mentioned on this list have not been patched, which means the exploit could still be imployed.

  • Mario Kart 7
  • Splatoon
  • Mario Kart 8
  • Mario Kart 8 Deluxe
  • ARMS
  • Splatoon 2
  • Splatoon 3,
  • Super Mario Maker 2
  • Animal Crossing: New Horizons
  • Nintendo Switch Sports

Add Comment

Comments (7)

Most Upvoted

linktheviking

Not all games are vulnerable. Smash doesn’t have the vulnerability.
You can find the full CVE here https://github.com/PabloMK7/ENLBufferPwn

sligeach_eire

1+ y ago

That's a nasty exploit, particularly on Wii U and 3DS as they have cameras. I still use my Wii U almost daily. Haven't played Splatoon or Mario Kart 8 though in quite some time. I was thinking I might play the second half of the BOTW DLC as I kept that for a special occasion, and with TOTK coming out next year, it might be time to do so.

I was thinking, Nintendo haven't released any patches for Splatoon and Mario Kart 8, I hope it's not because they're just going to shut down the online play soon anyway on the Wii U and 3DS.


kingbroly

1+ y ago

I can see why they aren't doing Wii U/3DS patches since their online servers are down.

Not sure why Smash Ultimate is being left out, though.


linktheviking

1+ y ago

@kingbroly

Not all games are vulnerable. Smash doesn’t have the vulnerability.
You can find the full CVE here https://github.com/PabloMK7/ENLBufferPwn


socar

1+ y ago

Ok so as long as you don't yet have these games, are you good to game on?


ngamer01

1+ y ago

@socar

If you're on a game that is unpatched, as long as you stay out of online multiplayer, you should be fine I think. For example take Splatoon 1: You should be ok to play Hero Mode (single player) and to look around the main plaza area as long as you don't go online to join lobbies for Turf War and the like or check player profiles.

All that's needed for things to go boom is for you to connect to a hacker on an unpatched game.

Edited 2 times

sligeach_eire

1+ y ago

Unbelievable! It's almost like some people didn't even bother to read the story properly or follow a link. Not that they needed to follow the link, as the story here contains all the relevant information.


linktheviking

1+ y ago

@sligeach_eire

Are you ok hun? You seem stressed.