Our Security Commitment
At TP-Link, security is not just a checkbox—it's a core pillar of our product strategy and corporate ethos. Over many years, we have developed and refined a comprehensive security framework designed to anticipate, identify, and address risks swiftly and transparently.
Robust Security Practices and Independent Verification
We employ rigorous internal and external security testing on all of our devices—from consumer routers to smart home products. Our internal penetration testing team, composed of experienced professionals, skilled in IoT and embedded systems security, conducts continuous threat modeling and real-world simulation attacks. These assessments follow industry-recognized frameworks such as the OWASP IoT Top 10. Additionally, we work with accredited third-party security labs to scrutinize our products and help us identify, prioritize, and promptly address potential vulnerabilities before they affect our customers.
Data-Driven Evidence of Our Security Posture
We fully acknowledge that vulnerabilities exist across the industry. However, contrary to claims of widespread vulnerabilities, comparative data places TP-Link on par with, or in some cases ahead of, other major industry players in terms of security outcomes. For example, public vulnerability data (sourced from recognized security repositories like CVE Details and VulDB) shows that TP-Link’s rate of vulnerabilities per product is significantly lower than those of other leading manufacturers. While vulnerability severity is important, we consistently address issues promptly. Those same sources show our average CVSS score—an industry-standard metric for vulnerability severity—is in line with other leading router and IoT manufacturers.
Commitment to Secure by Design and Transparency
We recognize that no single company can fully secure the IoT ecosystem on its own. That’s why we strongly support government-led security initiatives and the development of industry standards. Our participation in the “Secure by Design” pledge sponsored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), our active support of the EU’s proposed Cyber Resilience Act (CRA), and our endorsement of the U.S. Cyber Trust Mark all reflect our belief that collective industry advancement—driven by transparent standards and regulations—will raise the security baseline for everyone. We are continually working toward greater supply chain transparency, including distribution of Software Bills of Materials (SBOMs), to provide clearer insight into our device components. In the meantime, we offer prompt firmware updates and publish detailed security advisories, ensuring that we can rapidly deliver patches and enhancements to keep users safe. We also maintain clear end-of-life policies, ensuring devices continue to receive critical updates wherever possible.
Engagement with the Security Community
We are active participants in global security initiatives and have a proactive vulnerability disclosure program. Independent researchers and the security community can report potential issues to us at security@tp-link.com, and we strive to acknowledge these reports within five working days. Our continuous engagement in events like the Zero Day Initiative’s PWN2OWN competition demonstrates our openness to being tested by the world’s best security minds and our willingness to rapidly address and remediate discovered issues.
Continuous Improvement and Accountability
We back up our words with actions. Our continuous integration/continuous delivery (CI/CD) pipeline allows us to catch issues earlier, and findings from ongoing penetration testing directly inform our product roadmaps. We measure success by the speed at which we respond to vulnerabilities, how effectively we reduce their overall volume, and the trust feedback we receive from customers.
In short, TP-Link strives to be a leader in IoT and networking security, while acknowledging that security is never final and always evolving. By working with industry experts, embracing government guidance and standards, and maintaining an unwavering focus on improvement, we ensure that our customers can trust our devices, today and in the future.
Here are some additional important facts about TP-Link Systems:
- 
	As a company headquartered in the United States, no government – foreign or domestic – has access to and control over the design and production of our routers and other devices. 
- 
	TP-Link Systems is no longer affiliated with the China-based TP-Link Technologies, which sells exclusively in mainland China. 
- 
	We proudly provide quality, secure routers and other devices to consumers in the United States and around the world. TP-Link Systems and its subsidiaries do not sell any products to customers in mainland China. 
- 
	TP-Link Systems sells products at multiple price points to be competitive in the marketplace. While our market share has grown as U.S. consumers increasingly recognize the value of and choose to purchase our products, we are not the majority provider of routers in the United States. 
IMPORTANT LINKS
- A Stronger, Safer Digital Future
- How Do I Stay Informed About Security Updates and Announcements
- Where Can I Download Firmware, Drivers, and Other Resources?
- How to Upgrade the Firmware on the TP-Link Wi-Fi Routers
- What Is Home Network Security and How Do I Secure My Wi-Fi Router?
- TP-Link Statement – EU NIS2 Directive
