cvedb.io
CVE-2025-55972
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-10-03T16:16:17.670 · Last modified 2026-06-17T09:42:15.983

Summary

A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, an attacker can cause the device to become unresponsive. The condition persists for as long as the attack continues and affects all forms of TV operation. Manual user control and even reboots do not restore functionality unless the flood stops.

Affected products

tcl — 65c655_firmware

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.