CVE-2024-34454 Information

Description

Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because is accepted as a Common Name).

Reference

https://github.com/PretendoNetwork/SSSL https://github.com/PretendoNetwork/SSSL-DNS