CVE-2025-55972
BaseFortify
Publication date: 2025-10-03
Last updated on: 2025-10-16
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tcl | 65c655_firmware | * |
| tcl | 65c655 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects TCL Smart TVs with a vulnerable UPnP/DLNA MediaRenderer implementation. An attacker can send a flood of malformed or oversized SetAVTransportURI SOAP requests to the TV's UPnP control endpoint, causing the device to become unresponsive. This results in a remote, unauthenticated Denial of Service (DoS) condition that persists as long as the attack continues.
How can this vulnerability impact me? :
The vulnerability can cause your TCL Smart TV to become completely unresponsive, affecting all forms of TV operation. Manual user control and even rebooting the device will not restore functionality until the attack stops, effectively denying you the use of the TV during the attack.