This vulnerability appears to have quite the sporadic distribution, affecting games as old as Mario Kart 7, and as recent as Nintendo Switch Sports. Especially notable was the former, which got its first patch in 10 years. Also, these are all first-party titles made by Nintendo itself. As mentioned above, the vulnerability also affects at least three different devices, namely the Switch, 3DS and Wii U.
— PabloMK7 (@Pablomf6) December 24, 2022 One of the white hat hackers who discovered the exploit, who goes by @Pablomf6 on Twitter, has a thread explaining the way it works, as well as a link to the report on GitHub. The first post even comes with a video demonstration featuring the Nintendo 3DS. To put it simply, a hacker trying to make use of the vulnerability can combine this with other OS exploits to fully take over your console. And from there, they can proceed to steal sensitive information or take recordings. All this can be done just by having a victim be in the same gaming session as the cybercriminal. Beyond the two games mentioned above, other games that were previously affected by the vulnerability and got fixed by Nintendo include Mario Kart 8 Animal Crossing: New Horizons, Splatoon 2 and 3, as well as Super Mario Maker 2. Though as Nintendo Everything notes, the Wii U versions of the affected games have not been patched, and it’s unclear if any are being worked on. (Source: @Pablomf6 / Twitter, Nintendo Everything)
