PT-2025-40532 · Tcl · Tcl Smart Tv

Szym0N13K · Published 2025-10-03 · Updated 2025-10-16 · CVE-2025-55972

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TCL Smart TV (affected versions not specified)

Description

A TCL Smart TV with a vulnerable UPnP/DLNA MediaRenderer implementation is subject to a remote, unauthenticated Denial of Service (DoS) condition. An attacker can send a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, causing the device to become unresponsive. This denial of service persists while the attack continues and impacts all TV operations. Standard user controls and reboots do not restore functionality unless the attack ceases. The API endpoint affected is the UPnP control endpoint. The vulnerable request type is SetAVTransportURI.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
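
With no fixed version known, the request pattern in the description can at least be watched for on the network. The following detection sketch is an added example, not part of the original advisory or any vendor tooling; the log line format, the thresholds and the sample records are constructed assumptions, while the SOAPAction string is the standard UPnP AVTransport:1 action name.

```python
from collections import defaultdict, deque

# SOAPAction value for SetAVTransportURI on the standard UPnP AVTransport:1 service.
ACTION = "urn:schemas-upnp-org:service:AVTransport:1#SetAVTransportURI"
# Assumed thresholds; tune them to the network being monitored.
MAX_PER_WINDOW = 5      # requests allowed per source inside one window
WINDOW_SECONDS = 10
MAX_BODY_BYTES = 4096   # assumed ceiling for a legitimate request body

def parse(line):
    """Parse 'epoch src_ip content_length "soapaction"' (constructed log format)."""
    ts, src, length, action = line.split(None, 3)
    return float(ts), src, int(length), action.strip().strip('"')

def detect(lines):
    """Return {src_ip: set of reasons} for sources matching the DoS pattern."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    alerts = defaultdict(set)
    for line in lines:
        try:
            ts, src, length, action = parse(line)
        except ValueError:
            continue              # skip lines that do not match the format
        if action != ACTION:
            continue              # other AVTransport actions are not in scope
        if length > MAX_BODY_BYTES:
            alerts[src].add("oversized")
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > WINDOW_SECONDS:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > MAX_PER_WINDOW:
            alerts[src].add("flood")
    return dict(alerts)

# Constructed sample: one ordinary controller and one flooding source.
SAMPLE = [
    '1000.0 192.0.2.10 612 "urn:schemas-upnp-org:service:AVTransport:1#SetAVTransportURI"',
    '1001.0 192.0.2.10 98 "urn:schemas-upnp-org:service:AVTransport:1#Play"',
] + [
    f'{1002 + i * 0.1:.1f} 192.0.2.66 {700 if i else 900000} '
    '"urn:schemas-upnp-org:service:AVTransport:1#SetAVTransportURI"'
    for i in range(8)
]

if __name__ == "__main__":
    for src, reasons in detect(SAMPLE).items():
        print(src, sorted(reasons))
```
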

Exploit

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2025-55972

Affected Products

Tcl Smart Tv