Cybersecurity Concerns Rise Over TP-Link Routers and CentOS Bug
Full Transcript
The U.S. government is considering a ban on TP-Link routers due to security concerns connected to Chinese cyber threats. The Departments of Commerce, Defense, and Justice have opened probes into TP-Link's ties to potential cyberattacks.
A recent report by the Washington Post indicates that more than half a dozen federal agencies support this ban, with the Justice Department also examining whether TP-Link engaged in predatory pricing tactics.
TP-Link has become a leading brand in the U.S. router market, growing from 20% of total sales in 2019 to approximately 65% in 2023, according to reports. Rob Joyce, a former director of cybersecurity at the NSA, advised the House Select Committee on China about the risks posed by TP-Link routers, urging users to replace them to avoid becoming tools for cyberattacks against the U.S.
However, TP-Link President Jeff Barney has refuted claims linking the company to the Chinese government, stating that the allegations lack evidence. Experts agree that while TP-Link has security vulnerabilities, these are not unique to the brand, as similar flaws exist in routers from other manufacturers.
Cybersecurity expert Thomas Pace from NetRise suggested that fears regarding TP-Link stem more from corporate structure and ties to China than from specific technical vulnerabilities. Recent attacks attributed to Chinese hackers, like the Salt Typhoon incident, have heightened concerns about vulnerabilities in embedded devices from various manufacturers, not just TP-Link.
Meanwhile, the Cybersecurity and Infrastructure Security Agency, or CISA, has issued a warning about a critical vulnerability in the CentOS Web Panel, which has been exploited in attacks. This flaw, tracked as CVE-2025-48703, allows remote, unauthenticated attackers to execute arbitrary commands.
CISA has included this vulnerability in its Known Exploited Vulnerabilities catalog and mandated that federal entities apply security updates by November 25 or cease using the software. This critical vulnerability underscores the need for enhanced cybersecurity measures across various platforms.
Cybersecurity is increasingly in focus as U.S. federal contractors face stringent scrutiny over their compliance with cybersecurity protocols, particularly under the False Claims Act. The Department of Justice has ramped up enforcement actions related to cybersecurity, resulting in significant settlements and highlighting the importance of maintaining high security standards within the technology sector.