We all love the best Switch games, but playing first-party titles online can be pretty risky over the past 12 months and more. That’s because hackers could have exploited a vulnerability in the online elements of Switch, Nintendo 3DS and Wii U to compromise your gaming experience, steal private information and even take full control of your console.
Known as ENLBufferPwn, this exploit was given a score of 9.8/10 (Critical) by Common vulnerability scoring system (opens in a new tab) used to measure such weaknesses. The gaming giant was first found in 2021 and reported to Nintendo, and has quietly fixed the vulnerability in leading titles such as Nintendo Switch Sports, Mario Kart 8and Splatoon series through 2022. First-party games were particularly vulnerable to a C++ buffer overflow in the network library, making them prime targets for those who weren’t good.
New security issues emerged after the homebrew developer PabloMK7 (opens in a new tab) tweeted that they had discovered ENLBufferPwn in Mario Kart 7 on 3DS in December 2022 with a video demonstrating the hacking method. But as reported by Eurogamer (opens in a new tab)Nintendo has now fixed the issue for this game as it updated the title for the first time in a decade after PabloMK7 and others reported it via Nintendo’s HackerOne program.
Here is ENLBufferPwn (CVE ID pending), a serious vulnerability in many first-party 3DS, Wii U, and Switch games. It allows remote code execution in a victim console by simply having an online game session with an attacker. Vulnerability report: pic.twitter.com/4qewU5YQ9x24 December 2022
Despite this quick fix, and the effective response to ENLBufferPwn through 2022, Nintendo owners should weigh the risks of playing first-party games online right now. It should be safe to play with friends and trusted groups, but there may still be other vulnerable titles or another way for malicious hackers to take advantage of exploits.
Switch players who are unsure if their online game of choice has been patched may want to stick to single player titles like the excellent The Legend of Zelda: Breath of the Wild. Those who play online on previous generation consoles such as the 3DS or Wii U should be especially careful as updates for games on these platforms are rare compared to the well-supported Switch.
Nintendo has not made an official comment on ENNLBufferPwn, but keeping your software and hardware up to date with the latest versions is one of the best ways to protect yourself. And if you experience problems in a first or third-party game, be sure to report it to Nintendo as soon as possible.
