"Here is ENLBufferPwn, a severe vulnerability in many first-party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker.." - Pablo
"Combined with other OS exploits, this vulnerability could allow an attacker to achieve full console takeover, and steal sensitive information or take audio/video recordings.."
It has 9.8/10 (critical value) in the CVSS v3.1 calculator.