CVE-2022-47949: Critical RCE flaw affects multiple Nintendo games
A proof-of-concept (PoC) exploit and technical detail related to a remote code execution vulnerability affecting multiple Nintendo games and patched by Nintendo during 2021 and 2022 was published online.
Identified as CVE-2022-47949, the security issue could allow an attacker to execute code remotely in the victim’s console by just having an online game with them. The vulnerability has scored a 9.8/10 (Critical) in the CVSS 3.1 calculator.
The C++ class NetworkBuffer is present in the network library enl (Net in Mario Kart 7) used by many first-party Nintendo games. The vulnerability is caused by improper bounds checking by the NetworkBuffer class. By sending a specially-crafted UDP packet, a remote attacker could overflow a buffer and execute arbitrary code on the system. Researchers codenamed the vulnerability “ENLBufferPwn.”
“The ENLBufferPwn vulnerability exploits a buffer overflow in the C++ class NetworkBuffer present in the network library enl(Netin Mario Kart 7) used by many first party Nintendo games. This class contains two methods Add and Set which fill a network buffer with data coming from other players. However, none of those methods check that the input data actually fits in the network buffer. Since the input data is controllable, a buffer overflow can be triggered on a remote console by just having an online game session with the attacker,” PabloMK7 wrote.
PabloMK7 also shared a proof-of-concept video showing how to exploit ENLBufferPwn in Mario Kart 7.
The CVE-2022-47949 vulnerability has been tested and confirmed to be successfully working on the following games:
- Mario Kart 7 (fixed in v1.2)
- Mario Kart 8
- Mario Kart 8 Deluxe (fixed in v2.1.0)
- Animal Crossing: New Horizons (fixed in v2.0.6)
- ARMS (fixed in v5.4.1)
- Splatoon 2 (fixed in v5.5.1)
- Splatoon 3 (fixed in late 2022, exact version unknown)
- Super Mario Maker 2 (fixed in v3.0.2)
- Nintendo Switch Sports (fixed in late 2022, exact version unknown)
- Probably more…
Nintendo has patched the vulnerability in many vulnerable games. Users are recommended to upgrade their games to the fixed version.