Networking giant Netgear says it has secured FCC approval to keep selling specified routers made overseas after the FCC levied a foreign router ban on a wide range routers produced in foreign countries.
Netgear says that approval allows it to continue making those products in southeast Asia. Netgear said in an FAQ posted to its site that it manufactures consumer router products in Indonesia, Vietnam and Thailand. As a precaution, it said, it no longer procures internet-connected components from manufacturers in China or entities owned or controlled by China.
“We are proud to be the first retail consumer router company to receive FCC conditional approval under the new security standards,” said Charles (CJ) Prober, CEO of the San Jose, California-based Netgear.
The FCC notice granting Netgear’s approval, however, does not publicly frame the exemption as a simple no-China-parts condition (PDF).
“We currently manufacture our consumer router products in Indonesia, Vietnam and Thailand, nations that are considered allies by the U.S. Government,” Netgear said in announcing the decision.
“As a precaution, we no longer procure internet-connected components from manufacturers in China, or entities owned or controlled by China (or any other country deemed to be a foreign adversary).”
To be clear, the FCC action does not ban overseas manufacturing of foreign-made routers outright. It instead put new covered routers through a conditional-approval process before they could receive FCC equipment authorization.
Uptick in Router Risks, says FBI
The FCC foreign router ban also lands amid the backdrop of federal law enforcement warnings about router risks. On March 12, the FBI’s Internet Crime Complaint Center warned that malware-infected routers were being abused as residential proxies, with one service tied to access sold from roughly 369,000 compromised devices since 2020. Less than a month later, on April 7, the FBI and its partners warned that Russian GRU actors were exploiting vulnerable routers to alter DNS settings, intercept traffic and steal credentials.
In an NPR interview on April 14, CrowdStrike co-founder Dmitri Alperovitch said Russian operators in the recent campaign “cast a really wide net,” scanning for vulnerable routers around the world and only later sifting through the haul for useful targets. The implication is consumer-routers can quickly become a work-from-home springboard for criminals to access business and government systems.
“We have proactively aligned our supply chain and development practices with these evolving U.S. security expectations,” Prober said regarding the FCC foreign router ban.
Netgear’s announcement makes it one of the first named router vendors to win such relief, but not the only one. The FCC’s April 14 notice also granted a router conditional approval to Adtran for its Service Delivery Gateway class routers. That means Netgear can fairly say it is among the first companies to receive approval, but not uniquely the first.
Making ‘The List’ Nobody Wants to be On
The March order added routers produced in a foreign country to the Covered List, not all foreign manufacturers. The action affects authorization of new covered products. Routers already approved and on the market were not pulled from supply shelves, and existing devices can continue receiving software and firmware updates under an FCC waiver through at least March 1, 2027.
While the declaration was framed broadly enough to reach products and components from non-domestic facilities, the policy was widely understood as part of Washington’s larger campaign to reduce dependence on Chinese-made networking gear. The FCC’s public notice itself, however, speaks in terms of routers produced in foreign countries and an executive-branch national security determination, rather than a China-only rule.
Impact of Router Rule Questioned
The public FCC notices do not say the government acted because Beijing was pressuring factories to seed products with malware or surveillance tools. They also do not cite Volt Typhoon or Salt Typhoon as proof that a single shared router component had already compromised multiple brands. Those claims go further than the source documents support.
What outside experts are saying is somewhat different. Analysts and academics have questioned whether the FCC’s rule gets at the real source of router insecurity, arguing that weak defaults, patching failures and end-of-life neglect often matter more than geography alone.
Mike Dano, lead telecom analyst at Ookla, told the Houston Chronicle there is “very little detail” in the FCC’s rules about digital security and warned that a stingy waiver process could create problems for vendors that still need to ship products and provide updates. Northeastern University professor Aanjhan Ranganathan similarly said the United States does not yet have the facilities to fully sever its reliance on foreign-made routers.
Meanwhile, Netgear is telling customers that its currently approved and future covered router lines can remain protected so long as it maintains that conditional approval.
“All Netgear routers, current and future, will be protected as long as we maintain our conditional approval,” the Netgear FAQ states.
For consumers and businesses, the practical takeaway is less about geopolitics than hygiene.
Federal warnings in the last month have again pointed users toward the basics: replace end-of-life routers, install the latest firmware, change default passwords, disable remote management when it is not needed, and pay close attention to certificate warnings and unusual DNS behavior.
For organizations with remote workers, the FBI has also advised reviewing how employees use personal routers to reach sensitive corporate systems.
Shaun Nichols is an IT news journalist. He has spent nearly 20 years covering the industry with a specialty in the cybersecurity
