Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-47949

Published: 24/12/2022 Updated: 06/01/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Nintendo

Vulnerability Summary

The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons prior to 2.0.6 and other products, allows remote malicious users to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 prior to 1.2, Mario Kart 8, Mario Kart 8 Deluxe prior to 2.1.0, ARMS prior to 5.4.1, Splatoon, Splatoon 2 prior to 5.5.1, Splatoon 3 before late 2022, Super Mario Maker 2 prior to 3.0.2, and Nintendo Switch Sports before late 2022.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

nintendo splatoon 2

nintendo super mario maker 2

nintendo splatoon

nintendo splatoon 3

nintendo switch sports

nintendo arms

nintendo animal crossing\\ _new_horizons

nintendo mario kart 8 -

nintendo mario kart 8

nintendo mario kart 7

Github Repositories

https://github.com/dgwynne/udp-bind-proxy

A proxy to enable UDP NAT traversal for Nintendo Switch online gameplay

udp-bind-proxy This implements a proxy to try support online gameplay for a Nintendo Switch The problem The Nintendo Switch does not appear to use existing technologies such as UPnP (Universal Plug and Play) or STUN (Session Traversal Utilities for NAT) to support online multiplayer gaming Instead, they appear to rely on IP network socket semantics that haven't worked re

https://github.com/PabloMK7/ENLBufferPwn

Information and PoC about the ENLBufferPwn vulnerability

ENLBufferPwn (CVE-2022-47949) CVE: CVE-2022-47949 CVSS v31: 98/10 (Critical) Authors: PabloMK7, Rambo6Glaz, Fishguy6564 Reported: August 8th, 2021 (Mario Kart 7) April 14th, 2022 (for the impacted WiiU and Switch games) Disclosed: December 22nd, 2022 Table of contents Description Vulnerability details ENLBufferPwn in Mario Kart 7 (3DS) Technical details

References

CWE-120https://github.com/PabloMK7/ENLBufferPwnhttps://nvd.nist.govhttps://github.com/dgwynne/udp-bind-proxy
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook