Thinking about buying a new Wi-Fi router? You might want to hold off.
Citing "unacceptable risks" to national security, the Federal Communications Commission says it will be banning all new foreign-made Wi-Fi routers going forward.
The ban doesn't apply to any existing routers that the FCC has already authorized, but will impact any new models “produced in foreign countries.” Router manufacturers can apply for an exemption, but so far, none have been granted "Conditional Approval" on the FCC’s website.
This is a monumental development for the US Wi-Fi router market. With the exception of newer Starlink routers, nearly every router available for purchase in this country is at least partially manufactured outside the US, including TP-Link, Asus and Netgear. An estimated 60% of routers in the US are manufactured in China.
According to a list of FAQs published by the FCC, a router will be considered foreign-made if “any major stage of the process through which the device is made, including manufacturing, assembly, design and development” occurs outside the US.
“Following President Trump’s leadership, the FCC will continue do our part in making sure that US cyberspace, critical infrastructure and supply chains are safe and secure,” said FCC Chair Brendan Carr in a statement.
When CNET reached out to the FCC for more clarity on the order, we were referred to the commission's "Covered List" FAQ page.
The FCC says that routers produced abroad were “directly implicated” in the Volt, Flax and Salt Typhoon cyberattacks. The Salt Typhoon attack specifically exploited Cisco routers to gain access to the networks of US internet providers like AT&T, Verizon and Lumen, which owns CenturyLink and Quantum Fiber.
“This is using an extremely blunt instrument, and it’s going to impact many harmless products in order to stem a real problem,” William Budington, a technologist for the digital rights nonprofit Electronic Frontier Foundation, told CNET. “This takes place in the context of mass defunding of cyberdefense initiatives. There's a lack of a good federal testing lab for consumer grade routers due to budget cuts.”
This doesn’t mean you have to replace your existing router. The FCC clarified that the ban doesn’t apply to previously-purchased routers, but you won’t be able to buy new routers that the FCC hadn’t already authorized before the ban.
TP-Link specifically has been in the US government’s crosshairs for over a year, stemming from its ties to China, with more than half a dozen US departments and agencies reportedly backing a ban at the end of 2025.
But this week's FCC action goes well beyond TP-Link and will affect nearly every router company operating in the US.
Can your router still be used?
You can still use your existing router, but there is one big caveat hidden in the FCC’s Public Notice: “All routers authorized for use in the United States may continue to receive software and firmware updates that mitigate harm to US consumers at least until March 1, 2027.”
Firmware updates are essential to both your router’s performance and security. Most router companies issue automatic firmware updates to fix security vulnerabilities as they pop up, and you may not even be aware when they happen.
If a router can’t update its firmware after March 1 of next year, it’s generally considered unsafe to continue using, as your Wi-Fi network could become vulnerable to malware or other cybersecurity threats without regular firmware updates.
"The risk is very real," said Rik Ferguson, vice president of security intelligence at cybersecurity company Forescout. "If you find yourself in a situation where that update pipeline has been switched off, then you definitely have to consider whether you want to keep using that device."
"The risk just keeps going the longer time passes, because chances are that there will be new vulnerabilities being found that you cannot patch," added Daniel Dos Santos, vice president of research at Forescout.
Router companies are surely scrambling behind the scenes right now to get added to the FCC’s “Conditional Approval” list, which would allow them to sell new models and continue issuing software and firmware updates to routers that have already been approved.
There is some wiggle room in there. The FCC notice specifically says “at least” March 1, so it’s possible the deadline will be pushed back.
But if your router hasn’t been added to the exemption list by this time next year, I’d recommend swapping it out for a model that has FCC approval to continue receiving firmware updates.
“I don't think it's going to change the manufacturing landscape, because manufacturing processes are expensive to move and device manufacturers are probably going to just wait it out until the ban is lifted. So I don't think it's going to have the intended effect,” Budington said.
Should I wait or rush to buy a new router?
The FCC’s ban on foreign-made routers only applies to devices that haven’t already been approved. That means any router that’s currently for sale will still remain on the shelves, and you can continue to use your existing router as long as you’d like.
Because any router that’s available now has already gotten FCC authorization, there’s no need to rush out and buy a new router. In fact, I would recommend the opposite: holding off on buying a new router until some of the dust settles on the FCC order. That advice was echoed by the six cybersecurity experts I polled for this story.
"I would recommend to wait at least for a few weeks or a month to see what are the real implications of this," Sergey Shykevich, a threat intelligence manager at Check Point Research, told me.
If you buy a new router today, there’s a risk that the FCC won’t exempt it, and it will stop getting software and firmware updates after March 1 of next year.
“A lot of those routers are going to turn into pumpkins in a year unless they extend this waiver,” Alan Butler, senior counsel at the Electronic Privacy Information Center, told me.
CNET recently tested and reviewed more than 30 Wi-Fi routers, and while we stand by all of our picks, I’d recommend holding off on a purchase until we have more information on the FCC’s ban.
Which routers are impacted by the ban?
Representatives for the FCC couldn’t tell me which specific router companies will be subject to the ban, but nearly every Wi-Fi router available in the US has some stage of “manufacturing, assembly, design and development” occurring outside the country. (Starlink is apparently the only exception; the company says its newer routers are manufactured in Texas, according to the BBC.)
Untangling each router’s supply chain will be a complicated process, and router companies are likely already lobbying the FCC for “Conditional Approval.”
“Every single one of these devices, even if the final assembly happens in California, for example, they're all going to come with components that are manufactured in China, as an example,” Sonu Shankar, chief product officer at Phosphorus Cybersecurity, told CNET.
CNET reached out to 10 of the top router manufacturers for comment. So far, companies seem to be taking a friendly public approach to the FCC, even when they’re clearly subject to the ban. Netgear, for example, highlighted its US headquarters, even though its routers are manufactured in Vietnam, Thailand, Indonesia and Taiwan.
| Router company | Status following the announcement |
|---|---|
| Asus | Headquartered in Taiwan, subject to the ban. |
| Cisco | Does not sell new consumer-grade routers, not subject to the ban. |
| D-Link | Headquartered in Taiwan, subject to the ban. |
| Eero | Manufacturing in Asia, subject to the ban. |
| Linksys | Owned by Foxconn, a Taiwanese multinational. Subject to the ban. |
| Nest | Manufacturing in Taiwan and Malaysia, subject to the ban. |
| Netgear | Publicly supporting the ban, but has manufacturing in Vietnam, Thailand, Indonesia and Taiwan. |
| Starlink | Routers are made in Texas, not subject to the ban. |
| Razer | Dual headquarters in California and Singapore, likely subject to the ban. |
| Synology | Headquartered in Taiwan, subject to the ban. |
| TP-Link | Planning to establish US-based manufacturing, the company said the move is a “positive step.” Currently subject to the ban. |
A Netgear representative told CNET in an email that the company commends the Trump administration and the FCC for their action toward a safer digital future. "As a US-founded and headquartered company with a legacy of American innovation, Netgear has long invested in security‑first design, transparent practices, and adherence to government regulations, and we will continue to do so," the representative said.
TP-Link Systems Inc. also applauded the order. “Placing all manufacturers and their supply chains under the same scrutiny is a positive step in the direction of making the router industry more secure,” a TP-Link Systems representative told CNET in an email. According to the representative, the company had already been planning to establish US-based manufacturing. TP-Link says on its website that it has manufactured all products sold in the US in Vietnam since 2018.
CNET also reached out to Asus, D-Link, Eero, Linksys, Nest, Razer and Synology, but has not yet received responses.
How to protect yourself if you have a foreign-made router
Router manufacturers aren’t always the most transparent about their supply chains, but unless you use a Starlink router, some component of your router’s manufacturing likely takes place outside the US.
“Vulnerabilities don't have an inclination towards a national origin,” Shankar told me. “It doesn't matter if it's a Chinese-made router or an American-made router if a user does not change a default password.”
No matter where it’s from, your router will be far more secure if you follow some basic best practices. Here’s what experts recommend:
- Keep your firmware up to date: One of the most common ways malicious actors access your network is through outdated firmware. You can ensure your router has the latest firmware by enabling automatic updates in your router’s settings or manually downloading updates in the app or web portal.
- Strengthen your credentials: If you’ve never changed the default login credentials on your router, now’s the time to do it. Weak passwords are the cause of many common attacks. “Devices using default or weak passwords are easy targets,” Itay Cohen, a security researcher at Palo Alto Networks, told me in a previous interview. “Default or simple passwords can be easily brute-forced or guessed.” Most routers have an app that lets you update your login credentials from there, but you can also type your router’s IP address into a URL. These credentials differ from your Wi-Fi name and password, which should also be changed every 6 months or so. The longer and more random your password, the better.
- Consider using a VPN: For an added layer of protection, a virtual private network encrypts all your internet traffic and prevents your internet provider (or anyone else) from tracking the websites or apps you use. You can find CNET’s picks for the best VPN services here.
