A perfect storm is brewing at the edge of America’s home networks. In March 2026, the Federal Communications Commission issued a sweeping ban on new foreign-made consumer routers, “citing national security risks” from compromised devices that have enabled espionage campaigns like Volt Typhoon and Salt Typhoon. The move was reported by Wired, which explained that the FCC added foreign-made consumer routers to its Covered List of equipment deemed to pose “an unacceptable risk” to US national security.
Yet within weeks, the FCC granted conditional approval to Netgear — a US-headquartered company that manufactures its Nighthawk and Orbi routers primarily in Vietnam, Thailand, Indonesia, and Taiwan — allowing it to continue selling current product lines through October 1, 2027. Adtran and Amazon’s Eero brand soon followed. According to reporting by Cybersecurity Dive, the Department of Defense determined that Netgear’s gear did not “pose unacceptable risks,” but neither the FCC nor the Pentagon has publicly explained the basis for that conclusion.
Hidden Backdoors in Plain Sight
Behind the policy debate lies a more immediate technical crisis. An independent security audit published on the Level1Techs forum revealed that the Netgear Nighthawk RS700S — a flagship Wi‑Fi 7 router — contains a latent backdoor in the form of an sshenabled daemon listening on UDP port 22. When sent a correctly crafted “magic packet,” the service spawns a root shell and opens firewall holes for the sender’s IP address, granting full administrative control over the device. The audit noted that this is a modern variant of Netgear’s long‑standing “telnet enable” backdoor, present across many models.
The RS700S also runs OpenSSL 1.1.1, which reached end-of-life in September 2023, alongside a BusyBox build dated February 2023 and a Linux kernel (4.19.275) several point-releases behind current security standards. Samba, the file-sharing service implicated in numerous router exploits, is enabled by default.
TP‑Link routers fared no better in parallel audits. The BE800 model exposes a similarly broad attack surface — web server, Samba, and UPnP — with little evidence of timely upstream patching.
A Pattern of Neglect — and Lobbying
The technical findings cast a harsh light on Netgear’s public posture. In earnings calls and lobbying filings, the company has positioned itself as a security leader while pointing fingers at competitors like TP‑Link. Yet public disclosures show Netgear spent approximately $500,000 on lobbying in recent years — funds directed in part toward issues like the ROUTERS Act (Removing Our Unsecure Technologies to Ensure Reliability and Security Act). Reporting by The Register highlighted that critics view the FCC ban as industrial policy disguised as cybersecurity, with Netgear’s lobbying efforts aligning suspiciously well with the eventual exemption it received.
BankInfoSecurity noted that the exemption covers only current Netgear product lines, potentially stalling future imports of foreign‑made hardware. The industry association Global Electronics Association criticized the ban, arguing that router vulnerabilities stem primarily from inadequate patching and end-of-life neglect — not from where a device is manufactured.
The Broader Security Crisis
The vulnerabilities are not isolated to Netgear and TP‑Link. In early 2025, cybersecurity firm GreyNoise uncovered a stealthy botnet campaign targeting ASUS routers via the CVE‑2023‑39780 vulnerability, enabling persistent SSH backdoor access. Singapore’s Cyber Security Agency confirmed an ongoing campaign deploying persistent SSH backdoors on ASUS gear as recently as May 2026. The FBI and CISA have repeatedly warned that state‑sponsored actors like Volt Typhoon and Salt Typhoon exploit unpatched bugs, unchanged default credentials, and exposed network ports — not secret hardware backdoors — to compromise home and small‑office routers.
ID Verification and the End of Anonymous Browsing
The router crisis intersects with another policy wave: age and identity verification for online services. New York’s implementation of the Kids Online Safety Act defines any service with profiles and direct messaging as “social media,” requiring identity verification for users — a framework that NBC News reported is raising privacy concerns among experts. If identity verification becomes tied to the router itself — the “beachhead” onto the home network — then a compromised router could allow criminals to impersonate the legitimate account holder from their actual internet connection, making detection far more difficult.
The trend extends beyond social media. Some smart TVs now require account activation before use, and ISPs are increasingly pushing rental‑only routers with proprietary firmware that cannot be audited by consumers. As one researcher put it, “You can’t block invasive traffic at the router if the router itself is the one sending it.”
What Consumers Can Actually Do
With most consumer routers stuck in a cycle of delayed patches and opaque vendor support, experts recommend:
- Demand transparency. Ask manufacturers for a clear five‑year software lifecycle plan — something virtually none currently offer.
- Disable unnecessary services. Turn off file sharing (Samba), UPnP, and remote management unless absolutely required. This reduces — but does not eliminate — latent backdoors like sshenabled.
- Consider open‑source firmware. Projects like OpenWRT and pfSense offer community‑supported updates and transparent codebases. However, even open‑source projects are not immune to supply‑chain attacks, as evidenced by the infamous Dual EC DRBG cryptographic weakness introduced years ago.
- Build your own router. An old PC running open‑source routing software remains the gold standard for security‑conscious users.
- Watch for end‑of‑life signals. Netgear itself has declared many older models EOL, refusing further updates — until negative publicity forces reversals.
The Road Ahead
The FCC’s router ban, intended to harden American home networks, may inadvertently worsen the security landscape by restricting access to newer, more secure foreign‑made hardware while leaving millions of aging, unpatched devices in place. As Milton Mueller, a professor at the University of Georgia’s School of Public Policy, wrote in The Register: “By banning the sale of the newest, most secure Wi‑Fi 7 routers from dominant foreign manufacturers, the FCC forces the American public to pay substantially more for upgraded, more secure equipment or, what is more likely, to keep their older, more vulnerable devices for longer.”
Meanwhile, hidden backdoors, outdated libraries, and lobbying‑fueled exemptions have left consumers caught between geopolitical posturing and the grim reality of their own insecure gateways. As one researcher bluntly summarized: “You should never trust a consumer device naked on the internet. This is insane.”
Source: Level1Techs, GamersNexus(Video Above)
