Draft:TP-Link Systems

• File:Symbol opinion vote.svg Comment: In accordance with the Wikimedia Foundation's Terms of Use, I disclose that I have been paid by my employer for my contributions to this article. Gguice (talk) 20:40, 21 July 2025 (UTC)

TP-Link Systems Inc. (“TP-Link” together with its subsidiaries and parent companies) is a private U.S.-based technology company, headquartered in Irvine, California.^[1] TP-Link supplies their products to consumer and enterprise markets globally, except in mainland China.^[2]

Despite having similar names, TP-Link has no affiliation with TP-Link Technologies Co., Ltd., which is headquartered in and serves the mainland Chinese market and has wholly separate ownership, management, and operations.^[3] Information on TP-Link Technologies Co., Inc. is available on this Wikipedia page.  

TP-Link is a supplier of wireless networking equipment and smart home devices, including routers, mesh networks, smart switches and lights, cameras, and robot vacuums. In the home router and networking equipment market, more than 71 percent of consumers receive these devices from their access internet service provider (ISP^[4]).^[5] The remaining 29% of the market is comprised of sales at retail outlets such as Best Buy Target, or Wal Mart, online sales through Amazon and other e-commerce sites, and independent installers,^[6] commonly considered to be a "direct-to-consumer" business model.^[7] TP-Link primarily utilizes the "direct-to-consumer" business model. In 2024, TP-Link held a 36.6% unit share (and 31% dollar share) of the U.S. direct-to-consumer router market.^[8] TP-Link’s products have been reviewed by a number of independent consumer and technology reviewers, including but not limited to PCMag, Wirecutter, Engadget, CES, Business Insider, and J.D. Power.^[9]

TP-Link was founded in 1996 in Shenzhen, China. The company’s name is a nod to Alexander Graham Bell’s invention of twisted pair (TP) cabling.^[10]

In 2008, TP-Link USA entered the U.S. market.^[11] It continued to build on its existing presence in the U.S. with the launch of Kasa Smart in 2015 in Silicon Valley.^[12]

In early 2022, the process for formal separation began between TP-Link and TP-Link Technologies Co., Ltd., in China, instituting entirely separate ownership and management.^[13] The company operated dual headquarters in Irvine, California and Singapore.^[14]

In October 2024, TP-Link USA and TP-Link Global merged to establish TP-Link Systems Inc. with sole headquarters in Irvine, California.^[15]

In March 2025, TP-Link Systems, Inc., founder Jeffrey Chao announced a $700 million investment in the U.S. to build a factory as well as accelerate research and development on highly secure routers.^[16]

In March 2025, Bloomberg reported that Chao applied for a U.S. green card in January 2025.^[16]  

Publicly available vulnerability data compiled by the U.S. Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency’s (CISA) indicate that TP-Link’s rate of vulnerabilities per product is significantly lower than its competitors. According to CISA, TP-Link has 3 known exploited vulnerabilities,^[17] while other competitors such as Cisco has 76^[17] and NETGEAR has 8.^[17]  

In early 2024, following a destructive Volt Typhoon attack, the U.S. Department of Justice reported that the “vast majority of routers that comprised the KV botnet were Cisco and NETGEAR” routers.^[18]

Later that year, Microsoft Threat Intelligence reported that threat actors had also exploited CovertNetwork-1658, which includes TP-Link routers.^[19] In response, TP-Link developed and released firmware patching the vulnerabilities used by the Storm-0940/Quad7 threat actor, even though the affected router models used in the Quad 7 botnet being past their EOL/EOS date.^[20]

Former Federal Communications Commissioner Michael O’Rielly wrote in March 2024 that “there is no evidence to suggest negligence or maliciousness with regard to past vulnerabilities or weaknesses in TP-link’s security” and encouraged the U.S. government to keep track of the company “and other manufacturers’ cybersecurity” practices.^[21]

No government has control nor access to the design/production of TP-Link devices.^[22] TP-Link has, however, volunteered in several U.S. government security initiatives to help improve the cybersecurity of all routers. For example, within the National Institute of Standards and Technology (NIST), TP-Link is a registered Common Vulnerabilities and Exposures Numbering Authority, taking direct responsibility for identifying and publicizing cybersecurity vulnerabilities in the NIST database.^[23] Additionally, TP-Link is a signatory of the CISA “Secure by Design” pledge.^[24]

TP-Link’s U.S. user data is encrypted and housed on AWS infrastructure in Virginia.^[25] TP-Link’s smart home brand Tapo uses AES 128-bit encryption and follows the TLS 1.2 encryption protocol when storing and transmitting sensitive information, including information related to identity and camera videos.^[26] The company encourages organizations and individuals to report any potential security issues via email.^[27]

The ROUTERS Act, passed in the U.S. House of Representatives and introduced in the Senate, would require the U.S. Department of Commerce to “conduct a comprehensive study of the national security risks posed by consumer-grade routers, modems, and combined modem-router devices.”^[28] In a letter to the Federal Communications Commission (FCC) on May 8, 2025, TP-Link shared its full support for the ROUTERS Act.^[29] In early 2025, Adam Robertson joined TP-Link as the Chief Information Security Officer.^[30] References