TLP: Clear
The FCC\u2019s notice on banning foreign-made routers fails to account for threat actors\u2019 primary attack vector: firmware vulnerabilities and credential abuse that persist regardless of device origin. Salt Typhoon targeted Cisco, a California-based company, with a privilege escalation vulnerability on its IOS XE routers\u2014 an attack where patching cadence matters more than device origin. Rather than focusing on routers made in America, organizations should prioritize selecting devices with active disclosure programs and transparency when reporting security vulnerabilities and patches.
FCC identified Volt, Flax, and Salt Typhoon as cyberattacks targeting critical infrastructure. All three attacks were due to firmware vulnerabilities and credential abuse, not manufacturing geography.
Volt Typhoon performed attacks on Fortinet VPNs and SOHO routers \u2014 which include devices from US based vendors through zero-day exploits, and default credentials. Once compromised, threat actors escalated privileges and moved laterally into critical infrastructure.
Flax Typhoon \u2014 a group linked to the Chinese tech contractor Integrity Technology Group, used known vulnerabilities to exploit VPN software and Remote Desktop connections. Once infected, the device joins a botnet using a Mirai variant to perform DDOS attacks and espionage.
Salt Typhoon targeted US telecommunication systems using known vulnerabilities such as CVE-2023-20198 and CVE-2023-20273 in Cisco and Fortinet devices, with CISA identifying Juniper firewalls as suspected targets among others. Once infected, threat-actors modified firewall rules and opened ports so that they could maintain persistence.
The FCC\u2019s claim that routers manufactured outside the United States pose a security risk raises possibilities that its document alone cannot answer.
The FCC is acting on classified information. In 2020, the FCC confirmed that it reviewed classified information to ban Huawei and ZTE products. Although it is plausible \u2014 the classified nature of the ban prevents security analysts from validating their claims.
The FCC is acting on policy rather than technical analysis. Policy moves stock markets - The DJI ban in 2025 directly affected the stocks of US based drone companies. Increased stock prices may be beneficial to the economy, but it does not address the alleged security concerns in routers.
Foreign manufacturers are a legitimate risk. Hardware backdoors are real and documented. Edward Snowden released documents from 2010 that revealed that the NSA implanted surveillance devices into Cisco routers \u2014 an attack that could easily happen with products destined to the United States. There have been no publicly released reports on foreign actors modifying hardware or firmware during the manufacturing process.
Many cyberattacks are opportunistic \u2014 threat actors exploit the path of least resistance rather than targeting specific manufacturers, and while they can have devastating effects, organizations can take steps to reduce their impact. Maintaining vendor support and patching are two of the biggest factors in protecting infrastructure. The cyber attacks cited in the FCC document involve firmware-related threats in existing products \u2014 not the result of foreign interference.
While foreign governments can modify hardware during production, it is more likely that threat actors will exploit existing software vulnerabilities. Organizations should monitor vendor-related threat feeds and focus on maintaining vendor support and patching.
Sources
Government & Regulatory
FCC National Security Determination \u2014 Routers (March 2026): https://docs.fcc.gov/public/attachments/DA-26-278A1.pdf
CISA Advisory AA24-038A \u2014 Volt Typhoon (February 2024): https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a
CISA Advisory AA25-239A \u2014 Salt Typhoon (September 2025): https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a
CISA Advisory AA24-257A \u2014 Flax Typhoon (September 2024): https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-257a
US Treasury \u2014 Integrity Technology Group Sanctions (January 2025): https://home.treasury.gov/news/press-releases/jy2769
Federal Register \u2014 FCC Huawei/ZTE Classified Review (January 2020): https://www.federalregister.gov/documents/2020/01/03/2019-27610
NIST IR 8425A \u2014 Consumer Router Security Requirements (September 2024): https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8425A.pdf
Threat Intelligence
8. Recorded Future \u2014 RedMike/Salt Typhoon Cisco Campaign (February 2025): https://www.recordedfuture.com/research/redmike-salt-typhoon-exploits-vulnerable-devices
9. Microsoft \u2014 Volt Typhoon LOTL Techniques (May 2023): https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques
10. Palo Alto Unit 42 \u2014 Volt Typhoon Threat Brief (2024): https://unit42.paloaltonetworks.com/volt-typhoon-threat-brief
11. NJCCIC \u2014 Salt Typhoon Profile: https://www.cyber.nj.gov/threat-landscape/nation-state-threat-analysis-reports/china-linked-cyber-operations-targeting-us-critical-infrastructure/salt-typhoon
12. NJCCIC \u2014 Volt Typhoon Profile: https://www.cyber.nj.gov/threat-landscape/nation-state-threat-analysis-reports/china-linked-cyber-operations-targeting-us-critical-infrastructure/volt-typhoon
13. CyberScoop \u2014 Cisco Talos Salt Typhoon Analysis (February 2025): https://cyberscoop.com/cisco-talos-salt-typhoon-initial-access
Vendor Vulnerabilities
14. NVD \u2014 CVE-2021-40847 Netgear RCE: https://nvd.nist.gov/vuln/detail/CVE-2021-40847
15. NVD \u2014 CVE-2023-20198 Cisco IOS XE: https://nvd.nist.gov/vuln/detail/CVE-2023-20198
16. Cybellum \u2014 CVE-2022-38132 Linksys MR8300 (2022): https://cybellum.com/blog/how-we-found-cve-2022-38132-linksys-mr8300-zero-day
17. Eclypsium \u2014 Netgear Firmware Vulnerabilities (2025): https://eclypsium.com/blog/vulnerabilities-in-netgear-firmware-based-iot-devices-in-the-enterprise
18. Netgear Security Advisory \u2014 December 2025: https://kb.netgear.com/000070416/December-2025-NETGEAR-Security-Advisory
Manufacturing & Market
19. Consumer Reports \u2014 Foreign Router Ban (March 2026): https://www.consumerreports.org/electronics-computers/wireless-routers/foreign-made-routers-fcc-ban-a1057564057
20. DroneXL \u2014 FCC Router Ban Same Playbook as DJI (March 2026): https://dronexl.co/2026/03/23/fcc-bans-foreign-routers-citing-security-risks-dji
21. PetaPixel \u2014 DJI Ban and Market Impact (December 2025): https://petapixel.com/2025/12/23/us-government-bans-new-dji-and-other-foreign-made-drones
22. The Drone Girl \u2014 US Drone Stock Market 2025: https://www.thedronegirl.com/2025/11/25/drone-stocks-in-2025
NSA Supply Chain Interdiction
23. Engadget \u2014 NSA Bugged Cisco Routers (May 2014): https://www.engadget.com/2014-05-16-nsa-bugged-cisco-routers.html
24. Lawfare \u2014 Supply Chain Attacks (2023): https://www.lawfaremedia.org/article/supply-chain-attacks-why-us-should-worry
25. Computerworld \u2014 Cisco Ships to Fake Addresses (March 2015): https://www.computerworld.com/article/1633983/to-avoid-nsa-cisco-delivers-gear-to-strange-addresses.html
" } ] }