BrianKrebs (@briankrebs@infosec.exchange)
infosec.exchange
Whoa, that escalated quickly. This just got sent out by the press folks at the Federal Communications Commission (FCC). The FCC says it has decided that all foreign-made consumer-grade Internet routers are henceforth prohibited from receiving FCC authorization and are therefore prohibited from being imported for use or sale in the United States. "Update Follows Determination by Executive Branch Agencies that Consumer-Grade Routers Produced in Foreign Countries Threaten National Security WASHINGTON, March 23, 2026—Today, the Federal Communications Commission updated its Covered List to include all consumer-grade routers produced in foreign countries. Routers are the boxes in every home that connect computers, phones, and smart devices to the internet. This followed a determination by a White House-convened Executive Branch interagency body with appropriate national security expertise that such routers “pose unacceptable risks to the national security of the United States or the safety and security of United States persons.” "The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.” "This action does not affect any previously-purchased consumer-grade routers. Consumers can continue to use any router they have already lawfully purchased or acquired." "Producers of consumer-grade routers that receive Conditional Approval from DoW or DHS can continue to receive FCC equipment authorizations. Interested applicants are encouraged to submit applications to conditional-approvals@fcc.gov." Not sure how many consumer-grade routers will be left for sale if it really is a ban on approvals for any foreign-made consumer routers like they said, and not just a bunch of already restricted Chinese makers like Huawei and ZTE. https://www.fcc.gov/document/fcc-updates-covered-list-include-foreign-made-consumer-routers FCC's "covered list" of "thou shalt not entities": https://www.fcc.gov/supplychain/coveredlist
  • hperrinEnglish
    84·
    1 day ago

    Awesome. So what used to be a $50 router is about to be a $150 router. Great.

    • cmnybo@discuss.tchncs.deEnglish
      26·
      1 day ago

      $150 will get you a mini PC that you can run OPNsense on. Hopefully they don’t ban WiFi access points next.

      • 14th_cylon@lemmy.zipEnglish
        149·
        24 hours ago

        there is not much wifi access points that are not routers at the same time and i doubt that said regulation would make such a minor a distinction.

        also keep in mind that the news articles are specifically talking about tp-link products.

        unfortunately we can only guess, because only official document i have found is as vague as the news reports.

        https://www.fcc.gov/supplychain/coveredlist

        Routers^ produced in a foreign country, except routers which have been granted a Conditional Approval by DoW or DHS.

        • cmnybo@discuss.tchncs.deEnglish
          15·
          22 hours ago

          Access points and routers are usually separate once you get away from the consumer grade stuff. The people that run OPNsense at home often use MikroTik or Ubiquiti access points.

          • 14th_cylon@lemmy.zipEnglish
            21·
            12 hours ago

            i don’t think there is single mikrotik that can’t function as a router. the fact you can configure them as software bridge does not change that.

            the rest answered here:

            there are some but they are definitely in the minority. also this regulation is focused on home and soho devices, it specifically mentiones tp-link, which is really not enterprise brand.

            also the regulation from what i found is so vague, that i suspect that for the author router equals to “that white box with antenna sitting on my table” and is very likely they have no clue about difference between l2 and l3 layer and what router actually is.

        • Appoxo@lemmy.dbzer0.comEnglish
          7·
          22 hours ago

          There are. Just need to shop in the business side of the store and not consumer. At worst pro-sumer.

          • 14th_cylon@lemmy.zipEnglish
            32·
            13 hours ago

            there are some but they are definitely in the minority. also this regulation is focused on home and soho devices, it specifically mentiones tp-link, which is really not enterprise brand.

            also the regulation from what i found is so vague, that i suspect that for the author router equals to “that white box with antenna sitting on my table” and is very likely they have no clue about difference between l2 and l3 layer and what router actually is.

            • pishadoot@sh.itjust.worksEnglish
              21·
              5 hours ago

              You’re being pretty stubborn about your positions but you’re misinformed/ignorant.

              There are SO many Wi-Fi access points that aren’t routers, but a combo router is what most home users buy or get from their ISP. So that’s what you think is “most” when in reality the consumer market is dwarfed by commercial.

              TP-Link has Omada which is not as enterprise as CISCO but it definitely supports small and medium sized businesses, which are at the greatest risk to vulnerabilities due to low IT department skills.