What if you’re not using captive portal though? Is the admin logon page vulnerable too?
I can see this being more of a problem for public hotspot hosts with lots of unknown clients, than at one’s business or home network where the clients are known and managed.
I’m working on a OVA template for 3.2 now; all done. I note that this kernel has the vmxnet3 NIC driver as well (!)