Beware! These MediaTek-powered devices could put your data at risk
12 Jun 2025

The Indian government has issued a major security alert over vulnerabilities in a range of MediaTek chipsets.

The warning, which comes from the Indian Computer Emergency Response Team (CERT-In), affects devices powered by various MediaTek processors.

These include smartphones, laptops, smart TVs, tablets, routers, and other smart home devices.

The vulnerabilities could be exploited to compromise user data or disrupt services.

Exploitation could lead to data theft, unauthorized access
Risk assessment

CERT-In's advisory highlights that the vulnerabilities stem from heap overflows, null pointer dereference in Bluetooth and Wi-Fi modules, incorrect WLAN authorization, and uncontrolled recursion in IMS services.

Successful exploitation of these issues could lead to data theft or unauthorized access.

It could also result in denial-of-service (DoS) conditions for devices powered by affected MediaTek chipsets.

Users should install security patches at the earliest
User guidance

CERT-In has advised all individuals and organizations using devices powered by the affected MediaTek chipsets to install the security patches issued by MediaTek.

Device makers are expected to push updates based on MediaTek's June 2025 security bulletin.

Until these updates are installed, users are advised not to connect their vulnerable devices to unsecured networks.

A look at affected MediaTek chipsets
Device impact

The vulnerabilities affect a wide range of devices with chipsets including the MediaTek Wi-Fi 6E Wireless LAN Card (MT7902), MediaTek Wi-Fi 6 Chipset (MT7921), and MediaTek Helio G99 for tablets (MT8789).

Other affected devices include MediaTek Dimensity 9300+ platform for Wi-Fi and Bluetooth (MT7993), MediaTek Dimensity 1080 (MT6813), and variants within the high-end Dimensity series.