Grade F · High Risk

Is TP-Link Safe?

TP-Link routers are Chinese-owned and under active federal investigation. New models are blocked from FCC authorization. Get the full security analysis.

Security Verdict

TP-Link is a Chinese-owned company headquartered in Shenzhen, China. It is currently under active investigation by the US Department of Justice, FCC, and Congress. TP-Link routers were specifically named in FBI, NSA, and CISA advisories as attack vectors used in the Volt Typhoon campaign - a state-sponsored Chinese hacking operation targeting US critical infrastructure. New TP-Link models are blocked from receiving FCC authorization as of 2026. Existing devices remain operational but carry structural risk due to China's National Intelligence Law, which requires Chinese companies to cooperate with state intelligence requests.

Bottom line: Replace if you handle sensitive data. Update firmware immediately as an interim step.

Corporate Ownership Structure

TP-Link Technologies Co., Ltd. is a private company incorporated in Shenzhen, China in 1996 by brothers Zhao Jianjun and Zhao Jiaxing. The company is 100% privately held - all ownership remains with the founding family. No independent ownership audit has been published. TP-Link operates entirely under Chinese law, including the National Intelligence Law of 2017, which legally compels cooperation with Chinese state intelligence requests.

TP-Link Models - Security Grades

All TP-Link models in our database. Click a model for its full security report.

Model	Grade	FCC Status	Security Support	Made In
Archer AX21	F	Authorized - under federal review	Active (parent co. under investigation)	China
Archer AX55	F	Authorized - under federal review	Active	China
Archer AX73	F	Authorized - under federal review	Active	China
Archer C7	F	Authorized (legacy)	End of security support	China
Deco XE75	F	Authorized - under federal review	Active	China
Archer BE800	F	Authorized - under federal review	Active	China
Deco M5	F	Authorized (legacy)	Limited	China
Deco W7200	F	Authorized - under federal review	Active (parent co. under investigation)	China
Deco XE200	F	Authorized - under federal review	Active (parent co. under investigation)	China
Deco BE85	F	Authorized - under federal review	Active (parent co. under investigation)	China
Archer AX6000	F	Authorized - under federal review	Active (parent co. under investigation)	China
Archer AX11000	F	Authorized - under federal review	Active (parent co. under investigation)	China
Archer AX3000	F	Authorized - under federal review	Active (parent co. under investigation)	China
Archer AXE75	F	Authorized - under federal review	Active (parent co. under investigation)	China

Key Risk Factors

Chinese state jurisdiction

China's National Intelligence Law requires TP-Link to cooperate with Chinese intelligence agencies, creating structural risk regardless of firmware.

Active federal investigation

US DOJ, FCC, and Congress are actively investigating TP-Link. The company faces potential forced divestiture or ban.

Volt Typhoon named vector

FBI, NSA, and CISA specifically named TP-Link routers as the primary attack vector in Chinese state-sponsored infrastructure attacks.

New models blocked

As of 2026, TP-Link cannot receive FCC authorization for new router models in the United States.

Known CVEs - TP-Link Routers

The following vulnerabilities from the NIST National Vulnerability Database affect TP-Link router models. This is a representative sample; the full CVE list may be longer.

CVE-2023-1389 High (CVSS 8.8)

Command injection in Archer AX21 via the country form parameter. Added to the CISA Known Exploited Vulnerabilities (KEV) catalog in April 2023. Actively exploited in real-world campaigns.

CVE-2022-4499 High (CVSS 7.5)

Side-channel timing attack on TL-WR940N and TL-WR841N routers. Remote attackers can recover admin credentials by analyzing response timing on the login page - no authentication required.

CVE-2022-42402 Medium (CVSS 6.5)

Authenticated remote command execution via crafted HTTP request in multiple TP-Link firmware versions.

Frequently Asked Questions

Is TP-Link banned in the US?

TP-Link is not fully banned yet, but new TP-Link router models are blocked from receiving FCC equipment authorization as of 2026. The company is under active investigation by the DOJ, FCC, and congressional committees. Existing TP-Link routers can still be used, but security experts recommend replacing them given the ongoing federal investigation and the Volt Typhoon connection.

Can I still use my TP-Link router?

Yes, using an existing TP-Link router is currently legal. However, security agencies recommend replacing it, especially on networks that handle sensitive personal, financial, or professional data. In the interim, keep firmware updated and disable remote management.

Why are TP-Link routers a security risk?

The risk is structural: TP-Link is owned and operated in China, where the National Intelligence Law requires companies to cooperate with government intelligence requests. Additionally, TP-Link routers were identified in the Volt Typhoon campaign as attack vectors used by Chinese state-sponsored hackers against US infrastructure.

What should I replace my TP-Link router with?

The safest replacements are routers from US-owned or Taiwan-headquartered companies with active security support. Options include Asus (Taiwan), Ubiquiti (US), and Rio Router - which is the only A-grade router in our database and was designed specifically to address the security gaps in consumer routers.

Is TP-Link Deco safe?

TP-Link Deco mesh systems carry the same ownership and FCC risk as all TP-Link products. They are Chinese-owned, under federal review, and new Deco models are blocked from FCC authorization. The risk is the same across all TP-Link product lines.

CHECK YOUR SPECIFIC MODEL

Get your router's full security report

Check any specific model for CVEs, FCC status, security capabilities, and your personalized action plan.

Check a Router → Top 10 Safe Routers