I don't think fixing RCEs in a network connected home consumer device is a shitty thing to do. A lot of people might say it's actually pretty responsible.
From what I can tell it’s not remote code execution as you need to copy files to and from your SD card. This only affects people who want to get full access to their own devices
This is correct. If anyone's curious, here's a page from a 3DS CFW installation guide that explains how the Bannerbomb3 exploit comes into play: https://3ds.hacks.guide/bannerbomb3.html
