A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, an attacker can cause the device to become unresponsive. This denial persists as long as the attack continues and affects all forms of TV operation. Manual user control and even reboots do not restore functionality unless the flood stops.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

References
Link Providers
https://github.com/Szym0n13k/CVE-2025-55972-Remote-Unauthenticated-Denial-of-Service-DoS-in-TCL-Smart-TV-UPnP-DLNA-AVTransport cve-icon cve-icon
https://www.youtube.com/watch?v=CRik5mp4SW4 cve-icon cve-icon
History

Fri, 03 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
Description A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, an attacker can cause the device to become unresponsive. This denial persists as long as the attack continues and affects all forms of TV operation. Manual user control and even reboots do not restore functionality unless the flood stops.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-10-03T15:04:31.969Z

Reserved: 2025-08-16T00:00:00.000Z

Link: CVE-2025-55972

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-10-03T16:16:17.670

Modified: 2025-10-03T16:16:17.670

Link: CVE-2025-55972

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.