CVE-2022-47949
published 2022-12-24CVE-2022-47949: The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
16.89%
96.7th percentile
The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 before 1.2, Mario Kart 8, Mario Kart 8 Deluxe before 2.1.0, ARMS before 5.4.1, Splatoon, Splatoon 2 before 5.5.1, Splatoon 3 before late 2022, Super Mario Maker 2 before 3.0.2, and Nintendo Switch Sports before late 2022.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nintendo | animal_crossing | < 2.0.6 | 2.0.6 |
| nintendo | arms | < 5.4.1 | 5.4.1 |
| nintendo | mario_kart_7 | < 1.2 | 1.2 |
| nintendo | mario_kart_8 | < 2.1.0 | 2.1.0 |
| nintendo | splatoon_2 | < 5.5.1 | 5.5.1 |
| nintendo | super_mario_maker_2 | < 3.0.2 | 3.0.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit is delivered over UDP — a large/oversized UDP packet triggers a buffer overflow in the NetworkBuffer C++ class (enl/Net network library). Monitor for abnormally large UDP datagrams sent to Nintendo online gaming sessions. ↗
- →The vulnerable component is the C++ class 'NetworkBuffer' inside the 'enl' or 'Net' network library present on Nintendo Switch, 3DS, and Wii consoles. Target detection at this class/library in firmware or memory analysis. ↗
- →Exploitation requires the attacker to be in the same online game session as the victim. Suspicious co-session activity (e.g., unknown players joining) on affected Nintendo titles should be treated as a potential attack vector. ↗
- →Successful exploitation results in remote code execution on the console. Post-exploitation forensics should look for unexpected process spawning or network callbacks from Nintendo console processes. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
2022-12-24
Published