A major security vulnerability called “ENLBufferPwn” has been found in multiple Nintendo games across the Wii U, 3DS, and Nintendo Switch platforms, prompting a string of updates that includes games like the decade-old Mario Kart 7.
Uncovered and reported to Nintendo in 2021 by PabloMK7, Rambo6Glaz, and Fishguy6564, the security flaw would allow a hacker to take over a victim’s console simply by the two meeting in an online match. When combined with other exploits, the hacker could gain access to sensitive information stored on the victim’s console. The vulnerability was rated 9.8/10 (critical) by the CVSS 3.1 Calculator which measures the dangers of such security flaws.
Nintendo is aware of the issue at hand and has already taken steps to combat it. Switch games such as Mario Kart 8 Deluxe, Animal Crossing: New Horizons, Arms, Splatoon 2, and Super Mario Maker 2 have all been updated to prevent the vulnerability. Likewise, games like Nintendo Switch Sports and Splatoon 3 either released with protections already in place or protections were included in an update shortly after launch. Mario Kart 7 has been updated as well, leaving the last two known games with the vulnerability being Mario Kart 8 for the Wii U, and the original Splatoon for Wii U. However, it is possible this is present in more games than are currently reported. So as always, be sure to report any suspicious behavior to Nintendo’s Customer Service.
More details on the “ENLBufferPwn” and the situation can be found on the GitHub website and on this Twitter thread. While the threat is serious, it is good to see that Nintendo has already taken action against it in both their latest releases and games over a decade old. Please stay safe while playing Triforce Heroes and any other online games, and once again be sure to report anything suspicious to Nintendo.
