If you have a TP-Link router — and statistically, there's about a 65% chance you do — this is worth paying attention to. The U.S. Departments of Commerce, Defense, and Justice have all opened investigations into TP-Link Systems, and the outcome could mean a federal ban on the sale of TP-Link networking equipment in the United States.
1 · What's actually happening
The investigations began in earnest in late 2024, following reporting that TP-Link firmware had been exploited in a state-sponsored cyberattack targeting U.S. organizations. The concern isn't that TP-Link routers are uniquely vulnerable by accident — it's that security researchers found evidence of deliberately obfuscated code in the firmware, the kind of architecture that makes it difficult to audit and easy to weaponize remotely.
Microsoft published a report in 2024 linking a network of compromised TP-Link routers to a Chinese threat actor group they track as Volt Typhoon. The routers weren't just being used as targets — they were being used as infrastructure, routing malicious traffic through legitimate home and small business connections to mask the source.
TP-Link holds an estimated 65% of the U.S. consumer router market and roughly 80% of the small office/home office router market. A coordinated exploit across that install base would be the largest residential network compromise in U.S. history.
2 · Why the FCC cares
The FCC has the authority to ban equipment from the market if it poses a national security risk — it did exactly this with Huawei and ZTE equipment in 2020. A TP-Link ban would follow the same legal path. The investigation is ongoing, but multiple sources indicate the Commerce Department has already drafted ban language pending formal review.
The concern isn't that TP-Link makes bad hardware. The concern is that the firmware running on that hardware has been deliberately difficult to audit — and has already been exploited at scale.
3 · Is your router on the list?
The models under most scrutiny are the consumer-facing lines: the Archer series (Archer AX55, AX73, AX90, and similar) and the Deco mesh systems. TP-Link's Omada business line, which uses a completely separate firmware and management stack, has not been cited in the same investigations — though I'd still recommend caution until the government's findings are complete.
- Archer routers — affected; consider replacing
- Deco mesh systems — affected; consider replacing
- Omada business line — not currently cited; monitor the situation
- TP-Link switches and access points (non-router) — not currently cited
4 · What to do next
My recommendation right now: don't panic, but do plan. If you're buying a new router today, buy something else. If you have a TP-Link router that's less than two years old and working well, monitor the situation and plan a replacement within six months if the ban moves forward.
The three replacements I'm putting in homes right now: Eero Pro 6E (easiest setup, best for non-technical households), Ubiquiti UniFi Express (best for households that want real network control), and Netgear Orbi RBK863S (best raw throughput for large homes). All three have clean audit histories and U.S.-based support infrastructure.
If you want me to look at your specific setup and give a recommendation, that's exactly the kind of call I take — no charge for the 15-minute consult.