AS US Ban Looms What Are The Risks When Selling Tapo, Deco & TP Link Products
TP-Link, the Chinese networking giant now facing a potential total ban in the United States following multiple federal investigations into security concerns, appears to be shifting its branding strategy in Australia. The company has begun heavily promoting its Tapo and Deco brands—an approach some observers believe is designed to distance its products from the TP-Link name ahead of possible Australian scrutiny.
The question is does this leave Australian retailers who sell their products exposed or is politics driving the ban.
According to The Washington Post, a U.S. ban could be imminent, with more than half a dozen federal departments and agencies supporting restrictions on TP-Link hardware. U.S. Commerce officials argue the company poses a national security risk because its products handle sensitive American data and remain subject to potential influence from the Chinese government.
Despite being founded and headquartered in China, TP-Link’s leadership has recently insisted that it now operates as an independent U.S. company, claiming no foreign government—including China—has access to or control over its product design or manufacturing processes.
However, investigations by ChannelNews show that TP-Link was established in 1996 by two Chinese brothers, Zhao Jianjun and Zhao Jiaxing. In anticipation of U.S. regulatory action, the firm relocated its parent company to Irvine, California, in 2024, rebranding the American entity as its new “global headquarters.” The company still maintains significant operations in Shenzhen.
TP-Link Australia Pty Ltd, established in 2010, continues to distribute products nationwide. The Australian arm is directed by Dong Guorong and Wang Xingzhi.
Financial records show that for the year ending December 2024, the company generated $148 million in revenue—up from $127 million in 2023—yet profits declined from $14.32 million to $8.94 million. A fully franked dividend of $26.57 million was nevertheless issued. Executives have not commented on why the business is now emphasizing the Tapo and Deco brands over TP-Link.
In a recent U.S. government report, lawmakers expressed deep concern:
“TP-Link’s unusual degree of vulnerabilities and required compliance with Chinese law are in and of themselves disconcerting. When combined with the Chinese government’s use of home-office routers like TP-Link to perpetrate cyberattacks in the United States, it becomes significantly alarming.”
TP-Link reportedly holds 65% of the U.S. consumer router market, a fact that has raised additional concern among U.S. military officials due to widespread use of these products by personnel on American bases. It has also been alleged that TP-Link offered special discounts or direct purchasing options to military staff worldwide.
More than 300 U.S. internet providers currently supply TP-Link routers to their customers, according to The Wall Street Journal. Meanwhile, the Department of Justice’s antitrust division is examining whether the company engaged in predatory pricing to undercut competitors.
Compounding these concerns are a range of documented security vulnerabilities affecting TP-Link’s product lines—including Tapo and Deco devices. Critical flaws have been identified in firmware, some enabling remote code execution or root access.
Recently, researchers disclosed two severe vulnerabilities (CVE-2025-7850 and CVE-2025-7851) in TP-Link VPN routers, which allow attackers—sometimes without login credentials—to execute operating-system commands or obtain full control of the device. Another zero-day vulnerability publicised in December 2024 affects models across the Archer, Deco, and Tapo series, enabling attackers to inject malicious commands and potentially compromise connected devices such as PCs and smartphones.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that numerous TP-Link routers remain under active exploitation. Many popular models, now past end-of-life, continue to be sold or used despite no longer receiving security updates, making them prime targets for cyberattacks.
A Microsoft security report also revealed that TP-Link routers have been leveraged in “password spray attacks” since August 2023—often involving devices left configured with default passwords.























































































