Exploiting Vulnerabilities in NAT Strategies and Router Behaviors to Hijack TCP Connections in Wi-Fi Networks
An off-path attacker can exploit vulnerabilities in the NAT port preservation strategy and the insufficient reverse path validation of Wi-Fi routers to infer active TCP connections, evict the original NAT mappings, and reconstruct new mappings that let the attacker intercept the connections' sequence and acknowledgment numbers. With those numbers, the attacker can terminate or hijack the victim's TCP connections, or inject traffic into them.