Texas sues TP-Link over China links and security vulnerabilities
(2026/02/18)
- Reference: 1771435781
- News link: https://www.theregister.co.uk/2026/02/18/texas_sues_tplink_over_china/
- Source link:
TP-Link is facing legal action from the state of Texas for allegedly misleading consumers with "Made in Vietnam" claims despite China-dominated manufacturing and supply chains, and for marketing its devices as secure despite reported firmware vulnerabilities exploited by Chinese state-sponsored actors.
The Lone Star State's Attorney General, Ken Paxton, is filing the lawsuit against California-based TP-Link Systems Inc., which was originally founded in China, accusing it of deceptively marketing its networking devices and alleging that its security practices and China-based affiliations allowed Chinese state-sponsored actors to access devices in the homes of American consumers.
It is understood that this is just the first of several lawsuits that the Office of the Attorney General intends to file this week against "China-aligned companies," as part of a coordinated effort to hold China accountable under Texas law.
[1]
The [2]lawsuit claims that TP-Link is the dominant player in the US networking and smart home market, controlling 65 percent of the American market for network devices.
[3]
[4]
It also alleges that TP-Link represents to American consumers that the devices it markets and sells within the US are manufactured in Vietnam, and that consistent with this, the devices it sells in the American market carry a "Made in Vietnam" sticker.
However, the Attorney General alleges that, despite these representations, TP-Link’s networking and smart home devices are manufactured and developed by Chinese subsidiaries owned and managed by the company. The petition claims the facilities in Vietnam perform only final assembly, with the vast majority of components imported from China and Vietnam-sourced parts accounting for less than one percent of the devices’ components.
[5]
The lawsuit further alleges that the Chinese government confers subsidies on TP-Link, and that the relationship runs deeper than financial support; a Chinese military company is claimed to be working to expand TP-Link's manufacturing, research, and development facilities in Vietnam.
Getting to the meat of the claims, the lawsuit says that TP-Link falsely claims its devices are secure, yet security researchers and experts have for years reported on TP-Link's "numerous and dangerous" firmware vulnerabilities that Chinese state-sponsored hackers have exploited to access the devices.
This would seem to be different from the allegation that TP-Link allows Chinese agents to access its network devices. What the lawsuit actually claims is that TP-Link knows its products are insecure, and that Chinese state-sponsored hackers have taken advantage of the vulnerabilities. It stops short of openly accusing TP-Link of purposely providing backdoors for hackers or refraining from fixing vulnerabilities so that they can be used this way.
[6]
However, this didn't stop The Register columnist Rupert Goodwins from [7]insinuating just such a thing some time ago.
Federal security agencies were also concerned enough about TP-Link routers being used in cyberattacks that a [8]complete ban on their sale was reported to be under consideration in the US at one point. This week, however, it was [9]reported that the US may instead lift bans on some Chinese firms operating in the US, and also walk away from plans to block sales of TP-Link products.
America's Cybersecurity and Infrastructure Security Agency (CISA) also [10]disclosed two flaws in routers made by TP-Link last year that were actively being exploited and needed to be urgently fixed.
The Texas Attorney General also claims that TP-Link's mobile applications collect personal data from consumers while failing to obtain informed consent for this. Chinese national intelligence laws can require Chinese companies and citizens to support, assist, and cooperate with state intelligence work, the filing says, and it alleges that TP-Link’s Chinese affiliations could obligate it to comply with such requests.
[11]CISA sounds alarm over TP-Link wireless routers under attack
[12]TP-Link accuses rival Netgear of 'smear campaign' over alleged China ties
[13]Tens of thousands more ASUS routers pwned by suspected, evolving China operation
[14]China remains embedded in US energy networks 'for the purpose of taking it down'
By omitting this material fact, the company misleads US consumers and fails to obtain informed consent regarding their data, the Office of the Attorney General states.
The Office of the Attorney General is seeking a jury trial for this case, and wants an injunction to prevent TP-Link from claiming its products are "Made in Vietnam," and instead acknowledge that they are made in China. It further wants the company to be forced to make clear its ties to China, and prevent it from collecting consumers' data without obtaining fully informed consent.
"TP-Link will face the full force of the law for putting Americans' security at risk. Let this serve as a clear warning to any Chinese entity seeking to compromise our nation's security," Attorney General Paxton commented.
We asked TP-Link for its reaction to this news and will update if we get an answer. ®
Get our [15]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aZZEi87BH6GFd-7mXQaUQAAAANM&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://www.texasattorneygeneral.gov/sites/default/files/images/press/TP%20P.pdf
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZZEi87BH6GFd-7mXQaUQAAAANM&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZZEi87BH6GFd-7mXQaUQAAAANM&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZZEi87BH6GFd-7mXQaUQAAAANM&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZZEi87BH6GFd-7mXQaUQAAAANM&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2024/12/23/firmware_malware_opinion/
[8] https://www.theregister.com/2024/12/18/us_govt_probes_tplink_routers/
[9] https://www.theregister.com/2026/02/16/asia_tech_news_roundup/
[10] https://www.theregister.com/2025/09/08/infosec_in_brief/
[11] https://www.theregister.com/2025/09/08/infosec_in_brief/
[12] https://www.theregister.com/2025/11/20/tplink_sues_netgear/
[13] https://www.theregister.com/2025/11/19/thousands_more_asus_routers_pwned/
[14] https://www.theregister.com/2026/02/17/volt_typhoon_dragos/
[15] https://whitepapers.theregister.com/
The Lone Star State's Attorney General, Ken Paxton, is filing the lawsuit against California-based TP-Link Systems Inc., which was originally founded in China, accusing it of deceptively marketing its networking devices and alleging that its security practices and China-based affiliations allowed Chinese state-sponsored actors to access devices in the homes of American consumers.
It is understood that this is just the first of several lawsuits that the Office of the Attorney General intends to file this week against "China-aligned companies," as part of a coordinated effort to hold China accountable under Texas law.
[1]
The [2]lawsuit claims that TP-Link is the dominant player in the US networking and smart home market, controlling 65 percent of the American market for network devices.
[3]
[4]
It also alleges that TP-Link represents to American consumers that the devices it markets and sells within the US are manufactured in Vietnam, and that consistent with this, the devices it sells in the American market carry a "Made in Vietnam" sticker.
However, the Attorney General alleges that, despite these representations, TP-Link’s networking and smart home devices are manufactured and developed by Chinese subsidiaries owned and managed by the company. The petition claims the facilities in Vietnam perform only final assembly, with the vast majority of components imported from China and Vietnam-sourced parts accounting for less than one percent of the devices’ components.
[5]
The lawsuit further alleges that the Chinese government confers subsidies on TP-Link, and that the relationship runs deeper than financial support; a Chinese military company is claimed to be working to expand TP-Link's manufacturing, research, and development facilities in Vietnam.
Getting to the meat of the claims, the lawsuit says that TP-Link falsely claims its devices are secure, yet security researchers and experts have for years reported on TP-Link's "numerous and dangerous" firmware vulnerabilities that Chinese state-sponsored hackers have exploited to access the devices.
This would seem to be different from the allegation that TP-Link allows Chinese agents to access its network devices. What the lawsuit actually claims is that TP-Link knows its products are insecure, and that Chinese state-sponsored hackers have taken advantage of the vulnerabilities. It stops short of openly accusing TP-Link of purposely providing backdoors for hackers or refraining from fixing vulnerabilities so that they can be used this way.
[6]
However, this didn't stop The Register columnist Rupert Goodwins from [7]insinuating just such a thing some time ago.
Federal security agencies were also concerned enough about TP-Link routers being used in cyberattacks that a [8]complete ban on their sale was reported to be under consideration in the US at one point. This week, however, it was [9]reported that the US may instead lift bans on some Chinese firms operating in the US, and also walk away from plans to block sales of TP-Link products.
America's Cybersecurity and Infrastructure Security Agency (CISA) also [10]disclosed two flaws in routers made by TP-Link last year that were actively being exploited and needed to be urgently fixed.
The Texas Attorney General also claims that TP-Link's mobile applications collect personal data from consumers while failing to obtain informed consent for this. Chinese national intelligence laws can require Chinese companies and citizens to support, assist, and cooperate with state intelligence work, the filing says, and it alleges that TP-Link’s Chinese affiliations could obligate it to comply with such requests.
[11]CISA sounds alarm over TP-Link wireless routers under attack
[12]TP-Link accuses rival Netgear of 'smear campaign' over alleged China ties
[13]Tens of thousands more ASUS routers pwned by suspected, evolving China operation
[14]China remains embedded in US energy networks 'for the purpose of taking it down'
By omitting this material fact, the company misleads US consumers and fails to obtain informed consent regarding their data, the Office of the Attorney General states.
The Office of the Attorney General is seeking a jury trial for this case, and wants an injunction to prevent TP-Link from claiming its products are "Made in Vietnam," and instead acknowledge that they are made in China. It further wants the company to be forced to make clear its ties to China, and prevent it from collecting consumers' data without obtaining fully informed consent.
"TP-Link will face the full force of the law for putting Americans' security at risk. Let this serve as a clear warning to any Chinese entity seeking to compromise our nation's security," Attorney General Paxton commented.
We asked TP-Link for its reaction to this news and will update if we get an answer. ®
Get our [15]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aZZEi87BH6GFd-7mXQaUQAAAANM&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://www.texasattorneygeneral.gov/sites/default/files/images/press/TP%20P.pdf
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZZEi87BH6GFd-7mXQaUQAAAANM&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZZEi87BH6GFd-7mXQaUQAAAANM&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZZEi87BH6GFd-7mXQaUQAAAANM&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZZEi87BH6GFd-7mXQaUQAAAANM&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2024/12/23/firmware_malware_opinion/
[8] https://www.theregister.com/2024/12/18/us_govt_probes_tplink_routers/
[9] https://www.theregister.com/2026/02/16/asia_tech_news_roundup/
[10] https://www.theregister.com/2025/09/08/infosec_in_brief/
[11] https://www.theregister.com/2025/09/08/infosec_in_brief/
[12] https://www.theregister.com/2025/11/20/tplink_sues_netgear/
[13] https://www.theregister.com/2025/11/19/thousands_more_asus_routers_pwned/
[14] https://www.theregister.com/2026/02/17/volt_typhoon_dragos/
[15] https://whitepapers.theregister.com/
Re: More red scare bullshit
EdSaxby
100% agree about Paxton.
The more the US restricts and/or bans Chinese products, their own competitiveness is just going to wither away ...while the rest of us just move on.
Re: More red scare bullshit
Anonymous Coward
The one and only time I'm likely to agree with someone still incorrectly claiming to be the 'VoiceOfTruth".
Aluminium replacement!!
spireite
It's aooarent to most of us, that while Trump has tarriffed aluminium everywhere, and they have a readymade huge stash of tinfoil....
same pld same old
paluster
McCarthyism is alive and well and living in Texas. On a more serious note. Repressive regimes always strive to discover or invent external enemies. As far as TP-Link are concerned, all consumer routers are vulnerable becausr new exploits are discovered all the time and most people dont keep the firmware up to date (and most suppliers only provide a couple of years of support on cheap kit). Not in any way unique to TP-Link.
mark l 2
There really isn't any way to make a electronic device these days without the majority of the components being manufactured in China. I bet there are thousands of 'made in America' products that are essentially Chinese components put together in a factory in the US, as there would be no way to do with 100% American made parts.
stiine
Came here to say the same thing. I hope he understands that a bunch of companies are going to publicly ask him to file suits against their competitors if this case succeeds. Either than or TP-Link will change the word 'made' to 'assembled'.
ecofeco
85% of ALL electronics in the entire world are made in China and have been for decades.
Maybe outsourcing every goddamn thing was a bad strategic move? But what do I know? I'm not rich or well connected.
More red scare bullshit
Ken Paxton is a rotten scumbag who spends time and effort to disenfranchise voters of the wrong persuasion.
Europe should have a banned list. People like Paxton would be on it.