The U.S. Federal Communications Commission granted large cable internet service providers a limited one-year waiver allowing manufacturers to replace certain parts in previously approved consumer routers without new certification. The waiver followed an NCTA request warning that the FCC’s earlier restrictions on foreign-made consumer routers could trigger shortages and supply-chain disruption, and it permits changes such as substrate materials and memory modules so existing models can stay in production. The FCC said the broader policy was driven by national security concerns, including evidence that routers have been used in hacking campaigns by actors including Chinese state-linked groups, while previously extending the deadline for software and firmware support on already approved devices until 2029-01-01.
The policy shift comes as scrutiny of router vendors intensifies, including a new Netgear counterclaim against TP-Link in Delaware federal court alleging false advertising over TP-Link’s portrayal of itself as an American company and its representations about product origin. Netgear argues TP-Link’s California reincorporation did not sever core ties to China-based leadership, R&D, and manufacturing, while TP-Link has accused Netgear of improperly linking it to cyber activity associated with the Typhoon threat groups. The dispute is unfolding alongside reviews by the Department of Defense, Commerce Department, FCC, FTC, and state attorneys general, underscoring how supply-chain security, vendor provenance, and router abuse in espionage campaigns are shaping U.S. broadband and device policy.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
7 events from the most recent confirmed update back to the earliest known activity.
The FCC previously delayed the cutoff date for software and firmware updates for already approved routers until Jan. 1, 2029.
The FCC granted a limited one-year waiver allowing large cable ISPs and manufacturers to substitute certain components in previously approved consumer routers without recertification after NCTA warned of shortages and supply-chain disruption.
The FCC imposed a ban in March on foreign-made consumer routers, citing national security concerns and findings that hackers, including Chinese nation-state actors, had used routers in hacking campaigns.
In November, TP-Link sued Netgear, accusing it of running a smear campaign and falsely linking TP-Link to cyberattacks associated with the Typhoon threat groups.
Netgear's June 11 counterclaims said TP-Link reincorporated in California in 2024 but argued the move did not materially separate the company from its China-based operations.
TP-Link's November lawsuit said Netgear had breached a 2024 settlement that ended patent litigation between the companies for $135 million.
On June 11, Netgear filed counterclaims in federal court in Delaware alleging false advertising and deceptive trade practices tied to TP-Link's claims about independence from China and product origin.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
5 references tracked. Mallory keeps watching after this page renders.
bankinfosecurity.com
Open sourcegovinfosecurity.com
Open sourcetomshardware.com
Open sourceismg-cdn.nyc3.cdn.digitaloceanspaces.com
Open sourceismg-cdn.nyc3.cdn.digitaloceanspaces.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.