People think emulator protections in the law are stronger than they really are. Sony vs Connectix made emulation legal, but it wasn’t heard by the supreme court. PS1 games weren’t encrypted and relied on other methods like disc wobble to prevent piracy…so without proactively violating any measures you could just not include that check in your competing emulator and play retail discs without breaking any laws.
In steps the DMCA anti-circumvention laws for bypassing video game / console encryption measures, which is an even bigger untested minefield without precedent in favor of emulation. And since games are default encrypted on new consoles and arguably not subject to exemption (at least while still supported) it really might be a disaster to fight it.
Nintendo is a dick but it’s not in our interest or theirs to really push the boundary on the status quo. The get to slap suit whatever they want taken down, we get to play the emulation hydra game where it’s still legally grey.
It looks like they just didn’t neutralize/sanitize controllable input data so it should be a pretty easy fix. I think if a security researcher gives you a layup by identifying an easily fixable vulnerability a company should just take it, even if the product is old. If for no other reason than it’s bad marketing when news articles like this come out.