Nintendo - HackerOne Reports
View on HackerOne14
Total Reports
2
Critical
4
High
3
Medium
0
Low
[3DS][StreetPass] Heap Overflow in Swapnote parser leads to userland StreetPass RCE
Reported by:
mrnbayoh
|
Disclosed:
Weakness: Heap Overflow
[Switch, PIA/MK8DX] Stack buffer overflow and potential RCE in PIA (LAN/LDN, possibly NEX) room info deserialization
Reported by:
regginator
|
Disclosed:
Medium
Weakness: Stack Overflow
[3DS][SSL][SDK] Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player
Reported by:
mrnbayoh
|
Disclosed:
Weakness: Heap Overflow
[MK8DX] Improper metadata validation 2
Reported by:
crazy_man123
|
Disclosed:
High
Weakness: Array Index Underflow
Arbitrary code execution in TSEC Heavy Secure, return-oriented programming in TSEC Secure ROM, and recovery of TSEC-derived cryptographic secrets
Reported by:
lnchan
|
Disclosed:
Medium
Weakness: Privilege Escalation
[3DS][StreetPass] Buffer Overflow in Super Mario Maker level decompression
Reported by:
mrnbayoh
|
Disclosed:
Weakness: Heap Overflow
[MK8DX] Improper verification of Competition creation allows to create "Official" competitions
Reported by:
crazy_man123
|
Disclosed:
High
Weakness: Improper Access Control - Generic
[3DS][SSL] Improper certificate validation allows an attacker to perform MitM attacks
Reported by:
mrnbayoh
|
Disclosed:
Weakness: Improper Certificate Validation
[MK8DX] Improper metadata parsing
Reported by:
crazy_man123
|
Disclosed:
Critical
Weakness: NULL Pointer Dereference
[Xenoblade Chronicles X: Definitive Edition] Unrestricted RPCs allow DoS and writing arbitrary flags remotely
Reported by:
roccodev
|
Disclosed:
Critical
Weakness: Resource Injection
[WiiU/Switch] Remote code execution inside the ENL library
Reported by:
crazy_man123
|
Disclosed:
High
Weakness: Classic Buffer Overflow
[WiiU/Switch] nullptr dereference in the ENL framework
Reported by:
crazy_man123
|
Disclosed:
High
Weakness: NULL Pointer Dereference
[3DS][SSL] Use of uninitialized class member leads to RCE in eShop movie player
Reported by:
mrnbayoh
|
Disclosed:
Weakness: Use After Free