CVE-2025-55971

Name of the Vulnerable Software and Affected Versions TCL 65C655 Smart TV version V8-R75PT01-LF1V269.001116

Description The TCL 65C655 Smart TV is susceptible to a Server-Side Request Forgery (SSRF) issue. This affects the UPnP MediaRenderer service (AVTransport:1), which accepts unauthenticated SetAVTransportURI SOAP requests over TCP/16398. The device attempts to retrieve externally referenced URIs, including attacker-controlled payloads. This blind SSRF allows sending requests on behalf of the TV to probe for internal or external services accessible by the device, such as 127.0.0.1:16XXX, LAN services, or internet targets, potentially enabling further exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.