#Nintendo takes down game servers impacted by hack

Nintendo has taken down the #WiiU Servers for #MarioKart8 and #Splatoon1. Officially for temporary Network maintenance, but it's likely they are (finally) looking into the impact of the #ENLBufferPwn, an unpatched exploit on #3DS / #Wii that allows attackers to take remote control of your console simply by joining the same online game as you.

#NintendoOnline
https://wololo.net/2023/03/06/nintendo-takes-down-game-servers-impacted-by-hack/

Nintendo Japan's Tweet:

https://twitter.com/nintendo_cs/status/1631514260353298434

📬 Nintendo nimmt Mario Kart 8 und Splatoon auf der Wii U offline
#Gaming #ITSicherheit #ENLBufferPwn #Exploit #Fehlercode1060811 #MarioKart8 #Nintendo #OatmealDome #Sicherheitslücke #Splatoon #Wartungsarbeiten #WiiU https://tarnkappe.info/artikel/gaming/nintendo-nimmt-mario-kart-8-und-splatoon-auf-der-wii-u-offline-266359.html

Just thinking a bit more about #ENLBufferPwn for #WiiU, and I actually just went back to wondering why the Mario Kart 8 exploit video was privated, and this could be possibly #Nintendo having no plans to patch it?

The authors seem like nice people (I've had a few conversations with one of the authors), and I could see them removing it because Nintendo has no plans to patch it, and to protect users who play these games.

Purely nothing factual rn, but it would make sense.

I'm giving Nintendo until January 10th. If they don't patch the ENLBufferPwn vulnerability on Wii U, then I will release this video.

https://1drv.ms/w/s!AgNafXziV9SskkkIVF1e2zgoSdFs

I'm currently trying to work with PabloMK7, and I hope it ends up happening, but if not, I'd appreciate it if someone with a good knowledge of coding could help me explain this better to those who don't, I'd be happy to leave attribution.

#rce #cve #vulnerability #coding #wiiu #3ds #switch #pretendo #enlbufferpwn #bufferoverflow

ENLBufferPwn (CVE-2022-47949)

// by @Pablomf6@twitter.com

"The #ENLBufferPwn vulnerability exploits a buffer #overflow in the C++ class NetworkBuffer present in the network library enl (Net in Mario Kart 7) used by many first party #Nintendo games. This class contains two methods Add and Set which fill a network buffer with data coming from other players. However, none of those methods check that the input data actually fits in the network buffer. Since the input data is controllable, a buffer overflow can be triggered on a remote console by just having an online game session with the attacker."

https://github.com/PabloMK7/ENLBufferPwn

📬 ENLBufferPwn macht Nintendo 3DS, Wii U und Switch angreifbar
#Gaming #Hacking #ENLBufferPwn #Exploit #Nintendo3DS #NintendoSwitch #NintendoWiiU #PabloMK7 #RemoteCodeExecution https://tarnkappe.info/artikel/hacking/enlbufferpwn-macht-nintendo-3ds-wii-u-und-switch-angreifbar-261574.html