The severity is CRITICAL due to the potential for full bi-directional MitM attacks that can bypass client isolation in all tested Wi-Fi networks. The real-world exploitability is high as patches are not yet widely available, and this affects a broad range of devices.
Wi-Fi client isolation can be bypassed by abusing GTK keys, gateway bouncing attacks, and MitM techniques, affecting all tested routers and networks. This allows attackers to intercept, transmit, or inject traffic between clients, undermining network security.
Affected Systems
- All Wi-Fi routers and networks with client isolation features
Affected Versions: All versions
Remediation
- Apply vendor-specific updates or patches once they become available for your router model.
- Implement additional network segmentation beyond just client isolation to mitigate risks until a fix is in place.
Stack Impact
This affects all Wi-Fi networks and routers using client isolation features, potentially impacting services like nginx, docker, linux kernel, openssh, curl, openssl, python, and homelab components if they rely on network security provided by the Wi-Fi AP.