[bronco21016]

It sounds like this attack would work in that scenario provided the attacker is able to connect to the guest access point.

I haven’t paid attention to one in a while but I seem to remember the need to authenticate with the guest network using Xfinity credentials. This at least makes it so attribution might be possible.

[russdill]

It looks like both clients must be on the same VLAN for the attack to work. They could be connected on different BSSIDs or even different SSIDs, but they still must be on the same VLAN.

[cluckindan]

If the vulnerability is between layers 1 and 2, wouldn’t that imply that VLAN tagging at layer 2 might not be effective in segregating the traffic?

[cyberax]

Wireless cards typically don't expose the VLAN tags directly. So VLANs should be OK.