Although Wi-Fi is on the eve of its seventh generation, security concerns regarding this omnipresent technology remain in the spotlight of the research community. This work introduces two new denial-of-service attacks against contemporary Wi-Fi 5 and 6 networks. Unlike similar works in the literature, which focus on 802.11 management frames, the introduced attacks exploit control frames. Both attacks target the central element of any infrastructure-based 802.11 network, i.e., the access point (AP), and result in depriving the associated stations of any service. We demonstrate that, at the very least, the attacks affect a large number of off-the-shelf AP implementations by different renowned vendors, and that they can be mounted with inexpensive equipment, little effort, and a low level of expertise. With reference to the latest standard, namely 802.11-2020, we elaborate on the root cause of the respective vulnerabilities, pinpointing shortcomings. Following a coordinated vulnerability disclosure process, our findings have been promptly communicated to each affected AP vendor, and have already received positive feedback as well as a (currently reserved) Common Vulnerabilities and Exposures (CVE) ID, namely CVE-2022-32666.