Texas sued networking giant TP-Link Systems, accusing the company of deceptive marketing and security failures and seeking civil monetary penalties and injunctions, according to a lawsuit filed by the Texas Attorney General.
KEY FACTS
- Incident Texas filed a lawsuit against TP-Link for alleged deception and security risks.
- Vulnerabilities Firmware flaws and router compromise are cited as repeat security failures.
- Labeling Devices marketed as “Made in Vietnam” while components were reportedly sourced from China.
- Relief sought Civil monetary penalties and injunctions requiring disclosure and data-consent practices.
The lawsuit asserts that TP-Link marketed its routers as secure while allowing firmware vulnerabilities to be exploited by Chinese state-backed hackers and other threat actors.
The filing says the company labeled products “Made in Vietnam” while sourcing nearly all components from China and raises concerns that Chinese law could compel companies with supply-chain ties to cooperate with government intelligence requests.
The suit points to a history of security failures, including firmware vulnerabilities exploited in attacks and the use of compromised routers in a large-scale credential-theft botnet built from hacked home and small-business devices.
CISA’s catalog of known exploited vulnerabilities lists multiple TP-Link security flaws in active exploitation.
The complaint seeks injunctions that would require TP-Link to disclose Chinese origins of device components and to stop collecting consumer data without informed consent. TP-Link has disputed the claims and told a news outlet the allegations are “without merit” and that U.S. user data is stored on domestic Amazon Web Services servers.
WHY IT MATTERS
The case highlights regulatory scrutiny of device supply chains and the security implications of exploited router vulnerabilities. Outcomes could affect transparency rules for manufacturers and influence procurement and consumer trust.