Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-55972 PoC — TCL 65C655 Smart TV 安全漏洞

Source
https://github.com/Szym0n13k/CVE-2025-55972-Remote-Unauthenticated-Denial-of-Service-DoS-in-TCL-Smart-TV-UPnP-DLNA-AVTransport
Associated Vulnerability
Title:TCL 65C655 Smart TV 安全漏洞 (CVE-2025-55972)
Description:A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, an attacker can cause the device to become unresponsive. This denial persists as long as the attack continues and affects all forms of TV operation. Manual user control and even reboots do not restore functionality unless the flood stops.
Description
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS).
Readme
# CVE-2025-55972-Remote-Unauthenticated-Denial-of-Service-DoS-in-TCL-Smart-TV-UPnP-DLNA-AVTransport
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS).

### Vendor: 
TCL Technology Group Corporation

### Product: 
TCL Smart TV (tested: 65C655)

### Vulnerability type: 
Remote Denial of Service (DoS) in UPnP/DLNA MediaRenderer (AVTransport)

### Impact: 
Device become unresponsive or unavailable while the attack persists.

### CVSS v3.1 (Base): 
6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

### Discovery date: 
2025-06-28

### CVE: 
CVE-2025-55972

## Description: 
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS). By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, an attacker on the local network (or via a forwarded port) can cause the device to become unresponsive. The denial persists while the flood continues and can affect all TV operations; manual control and reboots do not restore functionality until the attack stops.
File Snapshot

 [4.0K]  /data/pocs/3349a95d5d41b0c1da656c7d1308f88d17a97c7f
└── [1.1K]  README.md

1 directory, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →