US Government Proposes Ban on TP-Link Routers Over National Security Concerns
Multiple US federal agencies, including the Commerce, Justice, Defense, and Homeland Security departments, have backed a proposal to ban the sale of TP-Link routers in the United States. The move is driven by concerns that TP-Link, which controls a significant share of the US home router market, may still be subject to influence by the Chinese government, potentially exposing American users to surveillance risks. The proposal follows an investigation into the company's ties to China and comes amid heightened scrutiny of foreign technology firms over national security issues.
Officials argue that mitigation measures short of a ban would not sufficiently address the perceived threat, although there is a possibility for TP-Link to provide guarantees that its hardware and software are developed independently of China. The company, which has established a US headquarters and claims to have separated from its Chinese parent, denies the allegations. The proposed ban could have sweeping implications for both consumers and businesses, echoing previous US actions against foreign technology providers such as Kaspersky Lab.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Reports emerge of proposed US ban on TP-Link routers
Multiple outlets reported that the US was considering or proposing a ban on TP-Link routers because of the company's ties to China. The references do not provide a more specific event date beyond the publication day of the reports.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Should you ditch your TP-Link router? Here's how to secure your Wi-Fi today
zdnet.com
Open sourceAmerica's favorite router might soon be banned in the US - here's what we know
zdnet.com
Open sourceUS reportedly proposing ban on TP-Link routers over China ties
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
FCC Bars New Foreign-Made Consumer Routers From U.S. Market
The FCC has added all new foreign-made consumer routers to its **Covered List**, blocking their import and sale in the United States after a White House-led interagency review found they pose an unacceptable national security and public safety risk. U.S. officials said overseas-manufactured routers could be exploited to disrupt the economy, critical infrastructure, and national defense, and linked the concern to activity associated with **Volt Typhoon**, **Flax Typhoon**, and **Salt Typhoon**, which have targeted U.S. networks and infrastructure. The restrictions apply to new devices rather than routers already authorized for sale, meaning existing products can continue to be imported, sold, and used for now. Foreign manufacturers may still seek approval, but must provide detailed disclosures on ownership, supply chains, software and firmware provenance, and any plans to shift critical component production to the United States. The move is expected to tighten availability of new router models and raise costs, while critics argue it does not solve broader router security problems such as insecure firmware, weak patching, compromised update systems, and supply-chain exposure that can persist regardless of where hardware is assembled.
May 13, 2026
Texas Lawsuit Alleging TP-Link Misled Consumers on Router Security and China Ties
Texas Attorney General Ken Paxton filed a lawsuit against **TP-Link Systems Inc.**, alleging the company deceptively marketed its networking and smart-home devices as secure and privacy-protective while the products were allegedly exposed to exploitation by **China-linked state-sponsored actors**. The complaint also asserts TP-Link misled consumers about product origin—promoting “**Made in Vietnam**” labeling while claiming manufacturing and development are dominated by **China-based subsidiaries and supply chains**, with Vietnam facilities described as performing largely final assembly. Texas further argues that TP-Link’s China-linked supply chain and alleged affiliations create national-security risk, including the possibility of compelled cooperation under Chinese data and intelligence laws. The state cited prior public reporting and research— including a **May 2023 Check Point Research** report tying **Camaro Dragon** activity to exploitation of **TP-Link firmware vulnerabilities**—as part of its rationale that the devices have been leveraged in campaigns targeting U.S. interests. TP-Link rejected the allegations, calling the lawsuit “without merit,” and stated it is an independent American company with core operations and infrastructure located in the U.S.
Mar 21, 2026
FCC Restricts Foreign-Made Routers With Conditional U.S. Approval Path
The FCC issued new rules restricting routers produced in foreign countries unless they receive **Conditional Approval** from the Department of Defense or Department of Homeland Security, according to discussion citing FCC documentation and the agency’s supply chain covered list. The policy was described as limiting use of foreign-made networking equipment while creating an exception process tied to U.S. government review and commitments around domestic manufacturing. The move drew criticism on the NANOG mailing list, where operators argued that few routers are truly manufactured in the United States and that assembly location does little to improve security compared with software provenance and supply-chain assurance. Participants also linked the policy debate to a recent U.S. law enforcement disruption of major IoT DDoS botnets that the Department of Justice called the world’s largest, crediting the FBI Alaska field office and network operators for helping dismantle infrastructure behind record-breaking attacks against victims worldwide.
May 13, 2026