PT-2024-25908 · Nintendo · Nintendo Wii U Os
Shutterbug
Published: 2024-05-26 · Updated: 2024-07-03
CVE-2024-34454
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Nintendo Wii U OS version 5.5.5
Description
The issue allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA. This is due to a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature. Additionally, '*' is accepted as a Common Name.
Recommendations
For Nintendo Wii U OS version 5.5.5, consider restricting the acceptance of SSL certificates to only those with verified CA details and signatures, and avoid accepting '*' as a Common Name until a proper fix is available. As a temporary workaround, restrict network access to trusted sources to minimize the risk of exploitation.
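A simplified model of the check described above next to a stricter one, as an added example that is not Nintendo's code. Certificates are plain dicts, the CA name and hostnames are constructed, and textbook RSA over two fixed primes stands in for real X.509 signature verification.

```python
import hashlib

# Toy RSA key for a constructed root CA (two Mersenne primes; demo only, not secure).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
TRUST_STORE = {"Example Root CA": (N, E)}  # CA name -> public key (constructed)

def digest(cert, n):
    tbs = f"{cert['issuer']}|{cert['subject_cn']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def flawed_verify(cert, host):
    # Models the described flaw: the issuer only has to be a known name,
    # the signature is never checked, and a bare '*' matches any host.
    known = cert["issuer"] in TRUST_STORE
    return known and cert["subject_cn"] in ("*", host)

def name_matches(cn, host):
    if cn == host:
        return True
    # A wildcard may replace only the whole left-most label, never the full name.
    if cn.startswith("*.") and cn.count("*") == 1 and cn.count(".") >= 2:
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return False

def strict_verify(cert, host):
    key = TRUST_STORE.get(cert["issuer"])
    if key is None:
        return False
    n, e = key
    # The signature must verify under the stored key of the named CA.
    return pow(cert["sig"], e, n) == digest(cert, n) and name_matches(cert["subject_cn"], host)

def make(issuer, cn, signed):
    cert = {"issuer": issuer, "subject_cn": cn, "sig": 0}
    if signed:
        cert["sig"] = pow(digest(cert, N), D, N)
    return cert

GENUINE = make("Example Root CA", "shop.example.com", signed=True)
UNSIGNED = make("Example Root CA", "*", signed=False)  # names a known CA, no valid signature
```

The unsigned certificate passes `flawed_verify` for any host, while `strict_verify` rejects it on the signature alone and would still reject a correctly signed certificate whose Common Name is a bare `*`.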
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Nintendo Wii U Os