
[CVE-2022-47522] MacStealer: Wi-Fi Client Isolation Bypass




I recently discovered CVE-2022-47522, which seems to affect most of the equipment on the market.

To summarize the vulnerability: once a device is connected to a Wi-Fi network, we can assume that packets are routed to the machines using the MAC address. Therefore, in order to carry out the attack, the hacker must disconnect a targeted device and then connect to it, spoofing its MAC address. This attack is possible because the CVE-2022-47522 vulnerability, located in the power-saving mechanism of the IEEE 802.11 standard, allows overriding the Wi-Fi client isolation feature, and also Dynamic ARP Inspection.

Full details in the published research paper: https://papers.mathyvanhoef.com/usenix2023-wifi.pdf


Mathy Vanhoef published a well-documented POC on GitHub to test whether a LAN is vulnerable.

POC available here: https://github.com/vanhoefm/macstealer

I think it would be particularly interesting to integrate the tool as a module for the PineApple.

What do you think about it?

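To make the mechanism in the post above concrete, here is a toy model of an access point that keys every lookup on the MAC address, as the post describes. This is an added example, not code from the original post, from the USENIX paper, or from the macstealer repository; the AP behaviour, the station names, the frame contents and the "hardened" variant are all constructed for illustration and do not describe any real vendor's implementation.

```python
"""Toy model of a MacStealer-style client isolation bypass (added example).

Models only what the post describes: an AP that delivers frames by
destination MAC, buffers frames for dozing clients (802.11 power save),
and therefore hands an attacker who disconnects the target and re-associates
with the target's MAC the frames that were meant for the target. Names,
payloads and the hardened variant are constructed, not taken from any
real firmware.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ROUTER = "router"  # constructed: the wired uplink, not a wireless station


@dataclass
class Station:
    mac: str
    identity: str          # constructed: who authenticated this association
    session_id: int        # unique per association, never reused
    asleep: bool = False   # power-save state


@dataclass
class Frame:
    src: str
    dst_mac: str
    payload: str
    queued_for: Optional[int] = None  # session_id at the time of buffering


class AccessPoint:
    """bind_to_session=False reproduces the MAC-only lookup of the post;
    True binds buffered frames to the association they were queued for."""

    def __init__(self, client_isolation: bool = True, bind_to_session: bool = False):
        self.client_isolation = client_isolation
        self.bind_to_session = bind_to_session
        self.stations: Dict[str, Station] = {}        # keyed by MAC only
        self.ps_buffer: Dict[str, List[Frame]] = {}   # power-save queue per MAC
        self.delivered: List[Tuple[int, Frame]] = []  # (session_id, frame)
        self._next_session = 1

    def associate(self, mac: str, identity: str) -> Station:
        st = Station(mac, identity, self._next_session)
        self._next_session += 1
        self.stations[mac] = st  # an earlier association with this MAC is silently replaced
        self._flush(st)          # a fresh association is awake: deliver whatever was queued
        return st

    def disassociate(self, mac: str) -> None:
        self.stations.pop(mac, None)
        if self.bind_to_session:
            self.ps_buffer.pop(mac, None)  # hardened: discard what was queued for it

    def set_power_save(self, mac: str, asleep: bool) -> None:
        st = self.stations[mac]
        st.asleep = asleep
        if not asleep:
            self._flush(st)

    def forward(self, frame: Frame) -> None:
        """Entry point for any frame addressed to a wireless client."""
        dst = self.stations.get(frame.dst_mac)
        if dst is None:
            return  # nobody associated under that MAC: drop
        if self.client_isolation and frame.src in self.stations:
            return  # client-to-client traffic is blocked; router traffic is not
        if dst.asleep:
            frame.queued_for = dst.session_id
            self.ps_buffer.setdefault(frame.dst_mac, []).append(frame)
            return
        self._hand_over(dst, frame)

    def _flush(self, st: Station) -> None:
        for f in self.ps_buffer.pop(st.mac, []):
            self._hand_over(st, f)

    def _hand_over(self, st: Station, frame: Frame) -> None:
        if self.bind_to_session and frame.queued_for not in (None, st.session_id):
            return  # hardened: queued for a different association, drop
        self.delivered.append((st.session_id, frame))


def run_scenario(hardened: bool) -> List[str]:
    """Return the payloads the attacker receives; an empty list means the bypass failed."""
    ap = AccessPoint(client_isolation=True, bind_to_session=hardened)
    victim_mac, bystander_mac = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"  # constructed
    ap.associate(victim_mac, "victim")
    ap.set_power_save(victim_mac, True)   # victim dozes; its response is buffered by MAC
    ap.forward(Frame(ROUTER, victim_mac, "HTTP 200 OK for victim's request"))
    ap.disassociate(victim_mac)           # attacker forces the victim off the network
    attacker = ap.associate(victim_mac, "attacker")   # same MAC, new association
    ap.associate(bystander_mac, "bystander")
    ap.forward(Frame(bystander_mac, victim_mac, "client-to-client"))  # isolation still drops this
    return [f.payload for sid, f in ap.delivered if sid == attacker.session_id]


if __name__ == "__main__":
    print("vulnerable AP, attacker got:", run_scenario(hardened=False))
    print("hardened AP,   attacker got:", run_scenario(hardened=True))
```

Client isolation never fires in the attack path because the attacker sends nothing to the victim; the router's frame is what gets handed to whoever currently holds the MAC. The hardened variant shows the two places a check could live: discarding the power-save queue on disassociation, and refusing to deliver a queued frame to an association other than the one it was queued for.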

This has been around in the news for about a week now and I don't see any real reason to make a module out of it, unless a wider kind of "attack surface" can be discovered related to the flaw. We'll see how it develops as vendors analyze it all (Cisco has thus far tagged it as "Informational"). As it has been described thus far (and the reactions to it), I wouldn't throw myself over the keyboard and start sweating to create a module for it.


