Warning: some things I say in this post might not be correct.
Using Luca’s JBME code to exploit the Nintendo Switch:
If we head over to http://jbme.qwertyoruiop.com, you can see in the source code the Pegasus WebKit exploit for iOS 9.3 - 9.3.3. This WebKit exploit is applicable to Switch OS 2.0.
Now that we have that out of the way, let me demonstrate how this could work.
If we remove the iOS-specific things from the exploit, we can get a somewhat usable exploit for the Switch.
Since we can’t access the Switch browser to run this, we have to make a captive portal. I’m sure most of you know what a captive portal is. If you use Burp Suite for this, I’m pretty sure you can get it running.
You can make a simple HTML site so you can test this. I won’t provide much detail as to how this exploit works, but I know it will definitely work on Switch OS 2.0. If anyone reading this has a Switch on 2.0, please respond with your results.
Update: I found a video related to this topic. Here: https://youtu.be/xkdPjbaLngE