A vulnerability exists in TCL Smart TVs operating with a UPnP/DLNA MediaRenderer implementation, which exposes the device to a remote denial of service attack. Attackers can exploit this flaw by sending a barrage of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint. This results in the TV becoming unresponsive, crippling all functionalities. Notably, even manual user intervention or rebooting the device does not restore normal operations unless the attack is halted, leaving users vulnerable to prolonged disruptions.
https://securityvulnerability.io/vulner ... 2025-55972