U.S. authorities may impose a prohibition on the largest manufacturer of home routers, TP-Link.
The U.S. authorities have launched an investigation into TP-Link routers, a leading global player in the WiFi home router market, due to security concerns. The probe is primarily driven by TP-Link's Chinese origin, with potential ties to Chinese cyberattacks under scrutiny.
The investigation comes amidst escalating U.S.-China tension over cybersecurity concerns. TP-Link has gained significant market share in North America, with over 60% in 2023, up from 10% in 2019. Aggressive pricing is a significant factor in TP-Link's market dominance.
Security experts warn about potential backdoors and supply chain risks with TP-Link devices. Known vulnerabilities, such as Remote Code Execution (RCE), Insecure Direct Object Reference (IDOR), and hard-coded DES decryption keys, expose users to remote code execution, information leakage, and unauthorized access. These vulnerabilities have been exploited in malware attacks linked to Chinese cyber threat actors.
One such malware, NoBooze1, has notably targeted TP-Link devices since mid-2025. An IDOR vulnerability in TP-Link's cloud service APIs allowed attackers to enumerate and access sensitive user information, including plaintext passwords and admin credentials, posing high privacy and security risks to TP-Link customers.
While there is no explicit public confirmation linking TP-Link to direct Chinese government cyberattacks, the exploitation of vulnerabilities in their widely used hardware creates an attack surface leveraged by Chinese cyber threat groups for espionage or disruption.
To mitigate risks, users are advised to:
- Update routers to the latest firmware promptly.
- Replace end-of-life devices with supported models.
- Consider alternative secure routers, especially when handling sensitive data.
- Explore open firmware only if proficient, understanding limitations.
The U.S. authorities are also investigating TP-Link's rivals, Huawei and ZTE, in global mobile networks, including those in the U.S. The U.S. is concerned that the Chinese government uses Chinese companies to spy on other countries, raising questions about the level of information the Chinese government may have about Zimbabwe.
Volt Typhoon, a Chinese hacking group, has also been active in targeting small office and home routers from brands like NetGear, Cisco, and TP-Link. In 2024, Volt Typhoon exploited TP-Link routers, but most compromised routers were outdated NetGear and Cisco devices. Despite this, the U.S. is considering a ban on TP-Link routers in 2025.
The investigation into TP-Link, Huawei, and ZTE underscores the ongoing U.S.-China tension over cybersecurity concerns and the importance of securing digital infrastructure in an increasingly interconnected world.
[1] NoBooze1 Malware Targets TP-Link Devices [2] TP-Link Archer C50 Models Vulnerable to DES Decryption Key Exploit [3] TP-Link Cloud Service API IDOR Vulnerability Exposes Sensitive User Data [4] Security Researchers Warn About Potential Backdoors and Supply Chain Risks with TP-Link Devices [5] TP-Link Discloses OS Command Injection Vulnerabilities in VIGI NVR Security Camera Systems
- The ongoing U.S.-China tension over cybersecurity concerns is further fueled by the investigation into TP-Link, a global technology leader in WiFi routers, due to potential ties between their devices and Chinese cyberattacks.
- Amidst this investigation, it's critical to note that TP-Link products, such as routers and security cameras, have been found to contain various vulnerabilities, such as Remote Code Execution (RCE), IDOR, and hard-coded DES decryption keys, which expose users to potential cybersecurity threats.
