TCL Smart TV UPnP/DLNA Remote Denial-of-Service Vulnerability

Vulnerability

A remote, unauthenticated denial-of-service vulnerability has been identified in a TCL Smart TV model 65C655, due to a flawed UPnP/DLNA MediaRenderer implementation. The issue arises when an attacker sends a large volume of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint. This flood of requests causes the TV to become unresponsive, disrupting all functions. Manual controls and reboots do not restore normal operation until the attack ceases.

Impact

Exploitation of this vulnerability leads to the TV becoming unresponsive, with the denial of service persisting as long as the attack continues. This unresponsiveness affects all TV operations, and manual reboots do not restore functionality until the attack stops.

Added: Oct 3, 2025, 4:22 PM

Updated: Oct 3, 2025, 7:44 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.7

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.7

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TCL Smart TV UPnP/DLNA Remote Denial-of-Service Vulnerability

Vulnerability

Impact

Affected Products

TCL Smart TV

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating