# CVE-2025-55972-Remote-Unauthenticated-Denial-of-Service-DoS-in-TCL-Smart-TV-UPnP-DLNA-AVTransport
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS).
### Vendor:
TCL Technology Group Corporation
### Product:
TCL Smart TV (tested: 65C655)
### Vulnerability type:
Remote Denial of Service (DoS) in UPnP/DLNA MediaRenderer (AVTransport)
### Impact:
The device becomes unresponsive or unavailable while the attack persists.
### CVSS v3.1 (Base):
6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
### Discovery date:
2025-06-28
### CVE:
CVE-2025-55972
## Description:
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS). By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, an attacker on the local network (or via a forwarded port) can cause the device to become unresponsive. The denial persists while the flood continues and can affect all TV operations; manual control and reboots do not restore functionality until the attack stops.
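
For detection, the pattern described above (many `SetAVTransportURI` requests from one source in a short time, or a single oversized body) can be flagged from HTTP request metadata captured on the LAN. The following is an added example, not part of the original advisory or any TCL code; the log format, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

ACTION = "urn:schemas-upnp-org:service:AVTransport:1#SetAVTransportURI"
# Thresholds below are assumptions for illustration; tune them per network.
MAX_PER_WINDOW = 5       # SetAVTransportURI requests allowed per source per window
WINDOW_SECONDS = 10.0
MAX_BODY_BYTES = 8192    # assumed ceiling for a legitimate request body

def sample_log():
    """Constructed records: '<epoch> <source ip> "<SOAPACTION>" <Content-Length>'."""
    lines = ['1000.0 192.168.1.20 "%s" 612' % ACTION]            # one normal cast
    lines += ['%.1f 192.168.1.66 "%s" 700' % (1001 + i * 0.1, ACTION)
              for i in range(40)]                                # rapid burst
    lines.append('1010.0 192.168.1.77 "%s" 262144' % ACTION)     # oversized body
    lines.append('1011.0 192.168.1.20 '
                 '"urn:schemas-upnp-org:service:AVTransport:1#Play" 300')
    return lines

def detect(lines, max_per_window=MAX_PER_WINDOW, window=WINDOW_SECONDS,
           max_body=MAX_BODY_BYTES):
    """Return {source: [reasons]} for sources matching the advisory's pattern."""
    recent = defaultdict(deque)   # per-source timestamps inside the window
    findings = defaultdict(set)
    for line in lines:
        try:
            ts, src, action, length = line.split()
            ts, length = float(ts), int(length)
        except ValueError:
            continue              # skip records that do not parse
        if action.strip('"') != ACTION:
            continue              # other UPnP actions are out of scope here
        if length > max_body:
            findings[src].add("oversized")
        stamps = recent[src]
        stamps.append(ts)
        while ts - stamps[0] > window:
            stamps.popleft()      # drop timestamps older than the window
        if len(stamps) > max_per_window:
            findings[src].add("flood")
    return {src: sorted(reasons) for src, reasons in findings.items()}

if __name__ == "__main__":
    for src, reasons in detect(sample_log()).items():
        print(src, ", ".join(reasons))
```

Records are assumed to arrive in timestamp order, as they would from a proxy or IDS log.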