TP-Link routers may not be available for much longer in the United States, according to a Washington Post report last week. A possible ban appears increasingly likely, as more than half a dozen federal departments and agencies support the proposal,
The news first broke in December of last year, when the Wall Street Journal reported that investigators from the Commerce, Defense and Justice departments had all opened probes into the company due to national security risks stemming from its ties to China. Since then, news on the TP-Link front has been relatively quiet.
Today, the proposal received interinstitutional approval.
“Trade officials concluded that TP-Link Systems products pose a risk because the U.S.-based company’s products process sensitive U.S. data and because officials believe it remains subject to the jurisdiction or influence of the Chinese government,” the Washington Post reported.
TP-Link’s ties to the Chinese government are only allegations. The company – technically called TP-Link Systems – has vigorously denied to me in the past that it is a Chinese company.
“As an independent U.S. company, no foreign country or government, including China, has access to or control over the design and production of our products,” a TP-Link spokesperson told CNET.
TP-Link was founded in Shenzhen, China in 1996 by two brothers, Jeffrey (Jianjun) Chao and Jiaxing Zhao. In October 2024, two months after members of the House Select Committee called for an investigation into TP-Link routers, the company split into two: TP-Link Technologies and TP-Link Systems.
The latter is headquartered in Irvine, California, and has about 500 employees in the United States and 11,000 in China, according to the Washington Post report. TP-Link Systems is owned by Chao and his wife.
“The unusual degree of TP-Link vulnerabilities and the required compliance with [Chinese] “The laws themselves are disconcerting,” the lawmakers wrote in October 2024. “When combined with the [Chinese] the government’s routine use of [home office] routers like TP-Link to carry out large-scale cyberattacks in the United States, this is becoming very alarming.”
The company has become a dominant force in the US router market since the pandemic. According to the Journal report, that share increased from 20% of total router sales in 2019 to about 65% this year. TP-Link disputed these figures to CNET, and a separate analysis by computing platform Lansweeper found that 12% of home routers currently in use in the United States are made by TP-Link. More than 300 Internet service providers offer TP-Link routers to their customers, according to the Wall Street Journal report.
Separately, the Justice Department’s Antitrust Division is investigating whether TP-Link engaged in predatory pricing tactics by artificially lowering its prices to oust its competitors.
CNET has several TP-Link models on our lists. best wifi routers and will follow this story closely to see if we need to re-evaluate these choices.
“We do not sell products below cost. Our prices are not only above cost, but also contribute to a healthy profit for the company,” a TP-Link spokesperson told CNET.
The potential ban has undergone an interagency review and is currently in the hands of the Department of Commerce. According to the Washington Post, sources familiar with the details of the ban said ongoing negotiations between the Trump administration and China have made the chances of a ban less likely in the near future.
“Any concerns the government may have about TP-Link can be fully addressed through a combination of sensible measures such as relocating development functions, investing in cybersecurity and transparency,” the spokesperson said. “TP-Link will continue to work with the U.S. Department of Commerce to ensure we understand and can address all government concerns.”
Don’t miss any of our unbiased technical content and lab reviews. Add CNET as your preferred Google source.
How concerned should you be about your TP-Link router?
I wrote a few months ago that I was in no rush to replace my own TP-Link routerand that’s essentially how I still feel today.
When the news first broke last December, I » asked four cybersecurity experts if they would still use a TP-Link router. One of them answered categorically “no”. Another said there was “a risk to the consumer”. And two refused to answer the question directly.
Itay Cohen was one of the authors of a 2023 report identifying a firmware implant in TP-Link routers linked to a Chinese state-sponsored hacking group. He told me in a previous interview that similar implants had been found on other brands of spinning tops manufactured all over the world.
“I don’t think there is enough public evidence to justify completely avoiding routers from China,” Cohen said. “The vulnerabilities and risks associated with routers are largely systemic and apply to a wide range of brands, including those manufactured in the United States.”
I’ve heard some version of this from every cybersecurity expert I’ve spoken with. TP-Link has security flaws, but so do all routers, and I haven’t been able to cite any that specifically demonstrate collaboration with the Chinese government.
“We’ve analyzed an astonishing amount of TP-Link firmware. We find stuff, but we find stuff in everything,” said Thomas Pace, CEO of cybersecurity firm NetRise and a former security contractor for the Department of Energy.
That said, it is entirely possible that the government is aware of the vulnerabilities while the public is not.
For now, I’m still comfortable with a TP-Link router knowing that I follow a few basic rules best practices for network securitybut my risk tolerance may be higher than others.
How to protect your network if you have a TP-Link router
If you’re one of the millions of Americans who use a TP-Link router, news of a possible ban might be disconcerting.
A Microsoft report last year found that TP-Link routers have been used in “password spraying attacks” since August 2023, which typically occur when the router uses a default password.
Here’s what you can do to protect yourself now:
Update your login credentials. A shocking number of router attacks occur because the user never changed the default login credentials set by the router manufacturer. Most routers have an app that lets you update your login credentials, but you can also type your router’s IP address into a URL. These credentials are different from your Wi-Fi name and password, which also need to be changed approximately every six months. As always with passwords, avoid common words and character combinations, longer passwords are better, and do not reuse passwords from other accounts.
Use a VPN. If you fear prying eyes from the Chinese government or anyone else, the best thing you can do to ensure your connection remains private is to use a quality VPN. Privacy conscious people should look for advanced features like obscuration, Tor over VPN and a double VPN, which uses a second VPN server for an additional layer of encryption. You can even install a VPN on your router directly so that all your traffic is automatically encrypted.
Enable firewall and Wi-Fi encryption. These are usually enabled by default, but now is a good time to make sure they are enabled. This will make it more difficult for hackers to access the data sent between your router and the devices that connect to it. You can also find these settings by logging into your router from its app or website.
Consider purchasing a new router. I always recommend buying your own router instead of renting one from your Internet Service Provider. It is mainly a saving measurebut if your ISP uses TP-Link equipment, it might be a good time to switch to another brand. The main thing to look for is WPA3 certification — the latest security protocol for routers.
Update your firmware. The TP-Link spokesperson told me last year that customers should check for firmware updates regularly to keep their router secure. “To do this, customers with a TP-Link Cloud account can simply click the ‘Check for Updates’ button in their product’s firmware menu,” the spokesperson said. “All other customers can find the latest firmware on their product’s Downloads page on TP-Link.com.”
