Texas Files Lawsuit Against TP-Link for Concealing Chinese Manufacturing Practices

The Texas attorney general has filed a lawsuit against Wi-Fi router manufacturer TP-Link Systems, alleging violations of state consumer protection laws. The suit accuses the company of misrepresenting its connections to mainland China and the security of its devices, which are prevalent across American households.

Filed in a Dallas-area courthouse, the legal action claims that TP-Link falsely markets its routers as being manufactured in Vietnam while maintaining significant operations in China. Attorney General Ken Paxton has criticized the firm for using Vietnamese facilities solely for final assembly, indicating that the majority of production occurs in China.

In a statement accompanying the filing, the attorney general asserted that despite branding itself as a secure device provider, TP-Link’s routers have been utilized in cyberattacks initiated by state-sponsored hackers from the People’s Republic of China against U.S. interests. This raises significant concerns regarding the potential exploitation of their products for malicious activities.

This lawsuit is one of several actions taken by Paxton aimed at Chinese companies, including previous legal challenges against television manufacturers Hisense and TCL, and more recent suits against Anzu Robotics. Notably, Paxton is vying for the Republican nomination for the U.S. Senate in the upcoming March primary, aligning himself with the “Make America Great Again” movement.

The lawsuit seeks damages of up to $10,000 per violation under the Texas Deceptive Trade Practices Act. It also demands that TP-Link publicly disclose its Chinese manufacturing origins, amidst claims of security vulnerabilities, such as CVE-2025-9377, linked to outdated TP-Link routers. The action requests a temporary restraining order to halt the company from collecting and disclosing the data of consumers in Texas via its mobile applications.

TP-Link Systems, based in California, is positioned as a distinct entity from its Chinese counterpart TP-Link Technologies. Reports indicate that both firms underwent a splitting process in October 2024, with the California-based company claiming responsibility for global sales. However, industry analysts note that TP-Link Systems still employs thousands in China, including at facilities that involve direct investment from the Chinese government.

In a backdrop filled with tightening restrictions on Chinese tech companies—including bans on products from Huawei and ZTE—this lawsuit reflects broader tensions concerning national security and the integrity of communication technologies used within the United States. Experts have expressed concern over the potential risks posed by foreign-manufactured networking equipment, underscoring the need for greater scrutiny in procurement processes.

Cybersecurity professionals should be acutely aware of the implications of these allegations, particularly as they relate to methods that adversaries may employ. The MITRE ATT&CK framework indicates that tactics such as initial access, execution, and exfiltration could be relevant in understanding how such attacks might be orchestrated. The context surrounding this lawsuit serves as a reminder of the importance of rigorous security evaluations when selecting hardware and software solutions for business operations.

In its defense, TP-Link has contended that it is the target of defamatory actions and has initiated legal proceedings against rival Netgear for purportedly disseminating accurate but misleading information to further their competitive interests. This ongoing dispute sheds light on the complex landscape of cybersecurity, where accusations and counterclaims can have substantial repercussions for corporate entities and consumer trust alike.