The state of Texas has filed a lawsuit against networking company TP-Link Systems, accusing it of misleading consumers about the security and origin of its routers.
The legal action was announced by Texas Attorney General Ken Paxton, who claims the company marketed its products as secure. At the same time, firmware vulnerabilities allegedly allowed Chinese state-backed hackers to exploit the devices.
According to the lawsuit, TP Link labeled certain routers as “Made in Vietnam” even though most of the components were reportedly sourced from China. Paxton argues that this detail matters because Chinese law can require companies with supply chain ties to China to cooperate with government intelligence requests. The suit also claims TP Link devices were previously exploited in cyber operations linked to Chinese threat actors.
The complaint references a large-scale botnet composed of compromised home and small-business routers, many of them TP-Link devices. In October 2024, Microsoft reported on a botnet tracked as Quad7, also known as CovertNetwork 1658 or xlogin, which was allegedly operated by Chinese hacking groups and used in credential theft and password spray attacks. Texas officials argue this history raises serious concerns about national security and consumer privacy.
Paxton is seeking civil penalties and court orders that would require TP Link to clearly disclose the Chinese origins of its products and stop collecting consumer data without informed consent. Federal agencies have also flagged several TP Link vulnerabilities in recent years, and the issue reportedly drew attention from multiple U.S. government departments in 2024.
In response, TP Link strongly denied the allegations. A company spokesperson said the claims are without merit and insisted that neither the Chinese government nor the Chinese Communist Party controls the company or its products. TP Link stated that it operates as an independent American company, that its CEO resides in California, and that U.S. user networking data is stored securely on Amazon Web Services servers located in the United States.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
