FCC Bans Foreign-Made Routers as a 'National Security Risk'

[mr3p]

I've been running pfsense for a few years now so I can appreciate the need to verify there isn't malicious code in routers although why stop at routers? how about the millions of internet connected devices and computers also coming from outside the US?

 

[harshness]

how about the millions of internet connected devices and computers also coming from outside the US?

Surely most of these devices are a much more powerful and flexible concern than a typical home router when it comes to being conscripted into a botnet.

 

[arlo]

I've noticed a recent surge of folks dumping their TP-Link wifi routers on the likes of FB marketplace and Craigs.
I think it's cool that the RE guys who peek into bootloaders and firmware of these devices and find iffy, hmmm code alert people that the most intricate and sophisticated user password can't protect you from "more rooter than root".
Seeing as how....all? networking devices run Linux.
Anyway. Take your chinesium DVR with 8 camera setup that you can access from anywhere in the world that connects through a server in the land-o-rice and fish. Doorbell cameras and the likes fall into the same situation.

I would have to review if just the RF section of wifi routers are FCC approved. But the recent news banning not CONUS mfg. routers surely opens the door for further examination. There are quips of that floating around.
I don't really have any routers here running stock firmware. But I'm sure the bootloaders haven't been touched.
I even tried a few VPN vendor router firmware that made setting up openvpn easier. That didn't last long. Most have a VPN section in the management console that make loading a config. file a breeze.

Don't know. Communism is just that. I'm not 'paranoid' as such. If a manufacturer swears that the products that they make are not tampered by the powers that be. Are they going to tell you if they actually are?
Everything's Zen. I don't think so. And what IS up with those funky lines of code that they swear they have nothing to do with? The actual contracted programming firms that are responsible for making your fancy device do what it does, all wearing olive drab with red stars? Again. Dunno. If it takes the FCC and NSA to step in and say no-more. I'm all for it. Now if the car manufacturers stop it all. Pay-per heated seats and a few more ponies under the hood.? BS in my book.

 

[harshness]

I believe this is mostly about botnets rather than LAN device safety. Believing that a router can be loaded with software to hack devices on a network is pretty far-fetched. Home LANs don't typically carry the information goldmine that makes them worth exploiting for anything other than botnet uses.

 

[Foxbat]

But they might be located in the home of some professional who connects to their Corporate systems through the home router, and a small percentage of those might be exploited to harvest intelligence that might be of interest. Or, just scraping the screen of an on-line shopping to provide a source of income, or the keys to the kingdom of someone's crypto wallet, which could be used to fund nefarious purposes. Really, if you want to fan the flames of paranoia, the sky's the limit. How feasible this all is, however, remains to be seen.

If the goal is to on-shore manufacturing, great. But you can't just yank the rug out from underneath a whole sector of the IT infrastructure and not have consequences. Hope your $35 Router doesn't die and need to be replaced with a $400 Ubiquity router.

PLEASE LOG IN TO GET RID OF THESE ADS!

 

[harshness]

But they might be located in the home of some professional who connects to their Corporate systems through the home router, and a small percentage of those might be exploited to harvest intelligence that might be of interest.

It is a gargantuan leap from what a router can facilitate to screen-scraping on a personal computer or device.

Anyone who connects to their corporate network other than via an established TLS-encrypted connection (OpenVPN, WireGuard, IPsec) should be fired (along with the networking staff that didn't take positive steps to prevent it).

Hope your $35 Router doesn't die and need to be replaced with a $400 Ubiquity router.

Hallowed brand names aren't immune, as the ban isn't about who makes the routers: it's about where they're assembled, and that's the abject stupidity of the ban. New Ubiquiti routers are most certainly included in the ban. Most, if not all, Cisco, Juniper Networks, and HP routers are manufactured outside the US as well.

If someone is concerned about their router's factory firmware, ddwrt or OpenWRT might be a solution. Mesh systems are a different story...

Yet again, this probably isn't so much about in-home attack surfaces as it is about router-based botnets.

 

[osu1991]

I must still be on Netgears mailing list as I had a Netgear router 15-20 yrs ago. I got the following in an email this morning.



NETGEAR Receives Conditional Approval from the FCC for Consumer Routers

What This Means for You and Your Home

To our Valued Customers:
We're pleased to share that NETGEAR is the first retail consumer router company to receive conditional approval from the Federal Communications Commission (FCC) as a trusted consumer router company. We hope this recognition gives you added peace of mind — knowing that the network powering your home meets rigorous standards.

For context, in March 2026, the FCC called for stronger safety and security standards for consumer routers based upon a risk assessment issued by the federal government.

This aligns with our security-first approach, and we believe the steps the FCC are taking will help ensure the security of your digital front door and home networking products.

As a U.S. founded and headquartered company, NETGEAR is aligned with the vision for a more secure digital future for our customers. For the last thirty years, we have been, and continue to be, committed to leading the consumer router category for the United States and setting the bar for quality, performance, innovation and security.

Your trust means everything to us, and we remain committed to delivering the excellence that your home network deserves.

More information

To learn more about what this approval means – and how we are continuing to take proactive steps to help people upgrade safely and connect with confidence, we invite you to visit our FAQ page. To see our latest products and solutions, please visit NETGEAR product and solutions overview .

Thank you for trusting NETGEAR.

Sincerely,

CJ Prober, NETGEAR CEO

 

[harshness]

For context, in March 2026, the FCC called for stronger safety and security standards for consumer routers based upon a risk assessment issued by the federal government.

That's not at all what the FCC policy does. It only prohibits the sale of routers that haven't already been approved. It is effectively the same as the drone ban and every bit as pointless in a marketplace where there are effectively no companies to protect with anti-competitive policy.

It is great to see that Netgear claims to be committed to securing existing routers, but how extensive that commitment is in terms of models covered remains a huge question.