Analysis and Impact of Blockbuster FCC ban on foreign made WiFi routers

Posted on by Alan Weissberger

On March 23rd, the Federal Communications Commission (FCC) updated its Covered List to prohibit the sale of foreign made consumer-grade (WiFi) routers to be sold in the U.S.  The FCC’s Covered List is a list of communications equipment and services that are deemed to pose an unacceptable risk to the national security of the U.S. or the safety and security of U.S. persons.  This FCC decision follows a determination by an Executive Branch interagency body, which concluded those devices pose unacceptable risks to U.S. national security and the safety of its citizens. . The new FCC restriction applies strictly to new foreign made router models, meaning retailers can continue marketing previously approved units and consumers can operate their existing equipment without interruption.

Impact:

TP-Link, Netgear, and Asus are currently among the top-selling Wi-Fi router brands in the U.S. consumer market.  Estimates for early 2026 indicate that TP-Link alone holds approximately 35% of the U.S. consumer router market share, while Netgear and Asus collectively account for another 25%. The TP-Link Archer AXE75 is frequently rated the best router for most users due to its Wi-Fi 6E speed and reasonable price.

AXE5400 Tri-Band Gigabit Wi-Fi 6E Router

…………………………………………………………………………………………………………………………………

Linksys and Ubiquiti  are American-based companies, but their hardware is produced by contract manufacturers overseas in locations like China, Vietnam, and Taiwan. Similarly, Amazon eero and Google Nest mesh routers are not made in the U.S.

–>Hence, these companies ability to sell new WiFi router models in the U.S. is now facing strict regulatory hurdles.

Quotes:

FCC Chairman Brendan Carr said: “I welcome this Executive Branch national security determination, and I am pleased that the FCC has now added foreign-produced routers, which were found to pose an unacceptable national security risk, to the FCC’s Covered List.  “Following President Trump’s leadership, the FCC will continue to do our part in making sure that US cyberspace, critical infrastructure, and supply chains are safe and secure.”

Bogdan Botezatu, director of Threat Research at cybersecurity firm Bitdefender, says this ban is a step to harden the cybersecurity readiness of U.S. households, given ongoing geopolitical tensions. “Consumer routers sit at the edge of every home network, which makes them an attractive target and a strategic risk if compromised at scale,” he says. Asked whether he thinks the risk is real, Botezatu says the risk is real, though there’s no easy way to prove intent. “[Internet of Things] devices, including routers, are a weak point across the internet.”

Virtually all (WiFi) routers are made outside the United States, including those produced by US-based companies like TP-Link, which manufactures its products in Vietnam,” a spokesperson from TP-Link tells WIRED. “It appears that the entire router industry will be impacted by the FCC’s announcement concerning new devices not previously authorized by the FCC.”

Important Implications:
  • Reduced Product Availability: New, high-performance routers manufactured outside the U.S. will not receive the necessary approval to be imported or sold, restricting future consumer choices.
  • Higher Costs: The, “This ruling has the potential to significantly disrupt the U.S. consumer router market,” according to, likely resulting in increased prices for consumers as companies grapple with new regulatory requirements.
  • Shift in Manufacturing: Router manufacturers, including those targeting the U.S. market, will likely need to shift production to the U.S. to satisfy security concerns and bypass the ban, says PC Magazine.
  • Security Focus: The ban targets vulnerabilities in foreign hardware and firmware.
  • No Impact on Existing Devices: Consumers can continue to use routers they currently own

References:

https://www.fcc.gov/faqs-recent-updates-fcc-covered-list-regarding-routers-produced-foreign-countries

https://www.wired.com/story/us-government-foreign-made-router-ban-explained/

U.S. Weighs Ban on Chinese made TP-Link router and China Telecom

China backed Volt Typhoon has “pre-positioned” malware to disrupt U.S. critical infrastructure networks “on a scale greater than ever before”

WSJ: T-Mobile hacked by cyber-espionage group linked to Chinese Intelligence agency

Trump and FCC crack down on China telecoms; supply chain security at risk

3 thoughts on “Analysis and Impact of Blockbuster FCC ban on foreign made WiFi routers

  1. While I see the intent behind the FCC ban, I wonder about the long-term impact on innovation. Limiting foreign-made WiFi routers might stifle competition and drive up prices for consumers. Did the FCC consider how that might affect tech advancements in the U.S.?

    Reply

  2. From Finite State: https://finitestate.io/

    Finite State’s autonomous product security platform is built to secure connected devices, IoT, and embedded systems. Its platform analyzes firmware and source code to identify risks, generate SBOMs, and provide actionable security metrics. Its mission [in part] is to help the teams building the world’s connected devices secure every release and continuously prove it – without scaling manual effort, with automated, evidence-backed workflows.

    QUOTES:

    Matt Wyckhouse, Finite State Founder and CEO:

    “Effectively, the FCC would ban all new routers, because there are no domestic routers that meet that standard today. There’s no one who can clear the bar right now.”

    “The country where a device is manufactured does not necessarily determine the security of that product. There’s a pretty large global supply chain involved — from chipsets to software to final assembly. There are no domestic suppliers for all products involved in router manufacturing. This will definitely increase prices. Companies will have to invest in U.S. manufacturing or retool existing operations, and that’s a major cost shift.”

    Sharon Hagi (he/him), Finite State Chief Security Officer:

    “Many organizations still lack strong governance over remote access to their business applications and SaaS platforms. As a result, these systems are often accessible from virtually any device – not just managed corporate laptops or mobile devices where security controls may be enforced. For example, employees can frequently access email, cloud storage, and other sensitive resources from personal home computers using standard corporate credentials and MFA.”

    “Why is this a concern? Because the security of that access path matters. A compromised home router or intermediary Wi-Fi, router or modem device between a personal computer and a corporate application can enable a man-in-the-middle attack. In some cases, attackers may even undermine TLS protections, exposing sensitive data and credentials. Once obtained, these credentials can be used to directly target enterprise systems. This type of approach aligns with known tactics used by advanced nation state actors such as Volt Typhoon.”

    Eric Greenwald, General Counsel, Finite State re risks to & cautions for consumers:

    “The biggest issue is the users’ failure to implement patches/updates issued by the OEMs and continued use of devices that have already reached end of life.

    “The vast majority of threat actors that use routers as an attack vector rely on known vulnerabilities for which patches have long ago been issued.

    “Nation-state attackers simply do not need to rely on supply-chain attacks to compromise routers because the ecosystem is littered with devices that are child’s play to commandeer. This definitely translates into a risk to enterprises, but most companies do not insist that their employees adhere to any security standards with respect to their home networks.”

    Eric adds that they rely on other measures to protect the traffic, such as end-point detection and encryption, but it still creates a risk.
    ……………………………………………………………………………………………………
    “Finite State connects firmware, binaries, source code, and product documentation into a single, continuous system of record grounded in what actually ships. We unify product security and compliance into one reviewable workflow—so teams can move faster without losing defensibility.”

    Reply

  3. This IEEE Techblog post effectively outlines the tension between securing national infrastructure and the practical challenges of a globalized supply chain, suggesting that while necessary for security, the move will cause substantial, immediate market challenges and disruptions.

    The FCC ban on foreign made WiFi routers poses a serious dilemma for network service providers that rent or sell them as part of their service.

    Reply

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

 
 

 

Archives

Archives

Recent Posts