Federal Ban on TP-Link Routers Shelved, But Texas Fights On

The US government has reportedly shelved plans to ban TP-Link routers from sale in the country, despite serious security concerns about the devices being used by Chinese hacking groups to target American organizations. However, Texas is continuing its legal battle against the router manufacturer, filing a lawsuit alleging deceptive marketing practices and security vulnerabilities.

Widespread Use and Security Concerns

Badged versions of TP-Link routers are supplied to US customers by more than 300 internet service providers, making them the most widely used Wi-Fi routers in the country. These devices are found in millions of American homes, with TP-Link routers accounting for approximately 65% of the US market.

Many consumers may not even realize they have a TP-Link router, as badged versions typically carry ISP branding rather than the manufacturer's name. This widespread deployment made the discovery of security vulnerabilities particularly concerning.

Security researchers at Microsoft identified that a hacking group based in China was exploiting vulnerabilities in these devices to carry out cyber attacks against Western targets. An analysis published in October revealed that the Chinese hacking entity maintains a large network of compromised network devices, mostly comprising thousands of TP-Link routers.

These compromised devices have been used by multiple Chinese actors to launch cyberattacks against think tanks, government organizations, non-governmental organizations, and Defense Department suppliers. There was also speculation that the devices were being sold at a loss specifically to get them into US homes, potentially as part of a broader strategic effort.

Federal Action Shelved

Following three separate investigations opened at the Departments of Commerce, Defense, and Justice, it was widely expected that TP-Link routers would be banned from sale in the United States. However, the White House reportedly shelved this plan ahead of a summit between then-President Trump and China's Xi Jinping.

The decision to shelve the ban highlights the complex intersection of cybersecurity concerns and international diplomatic relations. While security experts and government agencies identified serious vulnerabilities that could be exploited by foreign adversaries, political considerations appear to have taken precedence in the final decision-making process.

Texas Continues the Fight

While the federal government has taken no action at this time, Texas is continuing its legal battle against TP-Link. Attorney General Ken Paxton announced that the state is suing the Wi-Fi router maker for deceptively marketing the security of its products and allowing Chinese hacking groups to access Americans' devices.

Paxton originally began investigating TP-Link in October 2025. Subsequently, Texas Governor Greg Abbott prohibited state employees from using TP-Link products in January of this year, demonstrating the state's serious concerns about the security implications of these devices.

TP-Link has denied the claims, stating that the company is now US-owned and its products are assembled in Vietnam. However, Texas argues that because components are made in China, the suppliers must comply with requests from Chinese intelligence agencies to install firmware that enables government access.

Consumer Recommendations

Given the security concerns surrounding TP-Link routers, consumers may want to consider alternative options. Even if your internet service provider supplies a TP-Link router, you are not required to use it and can replace it with your own choice of router, which will typically offer better specifications and security features.

When selecting a new router, consider purchasing from reputable manufacturers with strong security track records. Many modern routers offer advanced security features, regular firmware updates, and better performance than the basic models often supplied by ISPs.

The ongoing situation with TP-Link routers underscores the importance of being aware of the devices connected to your home network and understanding the potential security implications of using hardware manufactured in countries with different regulatory environments and potential government influence over private companies.

The Texas lawsuit may set an important precedent for how states can address cybersecurity concerns when federal action is not forthcoming, particularly when it comes to protecting citizens from potential foreign surveillance and cyber attacks through everyday consumer devices.