CVE-2024-45200
📋 TL;DR
CVE-2024-45200 (KartLANPwn) is a stack-based buffer overflow vulnerability in Nintendo Mario Kart 8 Deluxe's LAN/LDN multiplayer implementation. Attackers can send malformed browse-reply packets to trigger denial-of-service or potentially remote code execution on victim consoles. Affected users are those who open the Wireless Play or LAN Play menu in Mario Kart 8 Deluxe; the victim does not need to join an attacker's session.
💻 Affected Systems
- Nintendo Mario Kart 8 Deluxe
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution on the Nintendo Switch console, potentially allowing full system compromise.
Likely Case
Game process crash leading to denial-of-service, requiring game restart.
If Mitigated
No impact if patched to version 3.0.3 or if network controls prevent malicious packets.
🎯 Exploit Status
Proof-of-concept code is available on GitHub. Exploitation requires sending crafted packets to the victim's console while they browse for LAN games.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.3
Vendor Advisory: https://en-americas-support.nintendo.com/app/answers/detail/a_id/63426
Restart Required: Yes
Instructions:
1. Ensure Nintendo Switch is connected to internet.
2. Launch Mario Kart 8 Deluxe.
3. Game will prompt for update or check for updates in system settings.
4. Install update 3.0.3.
5. Restart game.
🔧 Temporary Workarounds
Disable LAN Play
all: Avoid using Wireless Play or LAN Play features until patched.
N/A - Manual configuration in game
Network Segmentation
all: Isolate Nintendo Switch consoles on separate VLAN from untrusted devices.
N/A - Network configuration required
🧯 If You Can't Patch
- Avoid using LAN Play or Wireless Play multiplayer features
- Use only local wireless (same room) or online multiplayer through Nintendo servers
🔍 How to Verify
Check if Vulnerable:
Check game version in Mario Kart 8 Deluxe main menu or Nintendo Switch home screen game options.
Check Version:
N/A - Check via game interface: Main Menu → Options → Version display
Verify Fix Applied:
Confirm game version is 3.0.3 or higher in game menu or system settings.
📡 Detection & Monitoring
Log Indicators:
- Game crash logs with memory violation errors
- Unexpected process termination of Mario Kart 8 Deluxe
Network Indicators:
- Unusual UDP traffic on port 11451 (LDN protocol)
- Malformed browse-reply packets in LAN traffic
SIEM Query:
N/A - Console game with limited logging capabilities