A group of lawmakers has urged the United States Commerce Department to investigate and potentially ban the sale of networking products from TP‑Link Technologies by the end of this month, as these products may pose a “serious and present danger” to US information and communications-technology security.
In a formal letter to US Commerce Secretary Howard Lutnick, the bipartisan group of senators and representatives said TP-Link’s networking equipment, including routers and internet-connected cameras, is designed, developed, manufactured or supplied by a company with deep ties to the Chinese Communist Party (CCP). They said the equipment could be used to spy on US military personnel, critical infrastructure and households alike.
“Reports indicate that TP-Link is rapidly expanding its share of the US market for internet-connected security cameras,” said the US lawmakers. “Right now, nothing stops CCP-tied companies from spying on Americans through internet-connected cameras in our homes. The Chinese Communist Party can capture and exploit these videos to track, blackmail or extort US citizens, including top government and military officials.”
The members of Congress said the Commerce Department should assess the national-security risks posed by TP-Link’s internet-connected cameras and determine whether information and communications-technology security authorities are sufficient to mitigate those risks.
They requested an assessment by November 30, and asked Commerce to consider:
- making recommendations on whether TP-Link should be added to the Federal Communications Commission’s Covered List,
- conducting a study on the broader risks posed by CCP-linked camera manufacturers, and
- recommending that additional public advisories be issued by the Federal Bureau of Investigation and Department of Homeland Security.
They added that any action targeting TP-Link could mark the largest removal of Chinese telecommunications equipment from the US market since Washington’s crackdown on Huawei Technologies in 2019.
In May, a group of US lawmakers led by Senator Tom Cotton in a letter urged the Commerce Department to immediately prohibit future sales of TP-Link small and home office networking equipment in the US due to national security concerns.
In November 2022, the FCC banned the sale and importation of new telecommunications and video surveillance equipment from several Chinese companies, including Huawei, ZTE, Hikvision and Dahua, citing national security risks. Still, TP-Link’s share in the US router market kept growing to more than 60%.
“No official action or confirmation has been made by any agency or the White House regarding these allegations,” TP-Link said in a statement. “The US Commerce Department may still decide not to issue the ban, or could reach an agreement with TP-Link for a different resolution of its concerns.”
The company said it vigorously disputes any allegation that its products present national security risks to the US. It said it remains as committed as ever to supplying secure and high‑quality products to the US market. Any concerns the government may have about TP-Link, it said, “are fully resolvable by a common‑sense mix of measures like onshoring development functions, investing in cybersecurity, and being transparent.”
“TP-Link will continue to work with the US Department of Commerce to ensure we understand and can respond to any concerns the government has,” the company added.
The US probe
The Wall Street Journal reported on December 18 last year that US authorities launched a multi-agency investigation into TP-Link.
The investigation, driven by the US Commerce, Justice and Defense departments, focused on whether TP-Link’s routers, which dominate roughly 65% of the US home and small‑business market, posed a national‑security threat. The Journal noted that TP-Link products are not only top sellers on Amazon but also support communications systems used across several federal agencies, including components of the Defense Department.
The probe was initiated after US officials reviewed evidence suggesting TP-Link routers were among devices compromised in large-scale cyber campaigns traced to China-backed threat actors. Microsoft disclosed in October 2024 that a network of hacked small-office and home-office routers, many manufactured by TP-Link, had been used to steal credentials from US organizations through password‑spray attacks.
The compromised devices formed part of an intrusion cluster tracked as CovertNetwork‑1658, which Microsoft assessed as being maintained by a China-based operator with remote code-execution capabilities.
“China opposes the United States’ overstretching the concept of national security and its discriminatory practices targeting particular countries and companies,” said Lin Jian, spokesperson for the Chinese Foreign Ministry. “China will take resolute measures to firmly safeguard the legitimate and lawful rights and interests of Chinese companies.”
Chinese commentators also weighed in, arguing that Washington was weaponizing national security to suppress Chinese router makers and tilt the playing field in favor of American competitors such as Netgear Inc.
“The potential ban of TP-Link’s products in the US will be a replay and escalation of the Huawei episode,” a Jiangsu-based columnist says in an article. “The US was extending its security checks into consumer‑grade routers and supply‑chain governance.”
She said such a shift in the US policy would
- force Chinese manufacturers to navigate stricter compliance and certification regimes,
- reshape competitive dynamics with US firms, and
- increase the long‑term risk of technological decoupling between China and the US.
CovertNetwork-1658
In October 2024, Microsoft’s security team flagged a covert network of compromised small‑office and home‑office routers, dubbed CovertNetwork‑1658, also known as xlogin and Quad7 (7777), as a conduit for credential theft and espionage.
Microsoft said that since August 2023, it has observed intrusion activity targeting and successfully stealing credentials from multiple customers through highly evasive password spray attacks. It added that the network was established and remains operated by a China‑based threat actor, and that compromised TP-Link routers were exploited to gain remote‑code‑execution capabilities.
Microsoft said the use of TP-Link routers in this malicious infrastructure elevates a consumer‑grade device into a significant national‑security concern. It warned organizations to improve credential hygiene, strengthen identity protections and scrutinize even low‑cost home‑networking equipment as potential points of foreign exploitation.
After the Wall Street Journal reported about Washington’s investigation into TP-Link last December, the Shenzhen-based company issued a press release, saying it had already restructured its businesses, so that TP-Link Systems is no longer affiliated with China-based TP-Link Technologies, which sells exclusively in mainland China.
It said TP-Link Systems and its subsidiaries do not sell any products to customers in mainland China. It said TP-Link Systems, which is headquartered in California, is fully committed to complying with US laws.
According to Chinese media, TP-Link has, since 2022, spun off its American unit and named it TP-Link Systems, which is now fully owned by TP-Link co-founder Zhao Jianjun and his wife – while another TP-Link co-founder, Zhao Jiaxing, now controls a 97.5% stake of TP-Link Technologies’ China business.
In 1996, the duo jointly established TP-Link in Shenzhen. The company now has more than 13,000 employees and sells routers globally. It has reportedly started manufacturing routers in Vietnam since 2018 for the US markets.
Read: Chinese pundits claim victory after Trump’s trade concessions
Follow Jeff Pao on Twitter at @jeffpao3
