FCC Prohibits Foreign Made Routers

Did you get the memo?  The one on the Internet from the FCC, you know, about your network routers?

On March 23, 2026, the FCC published a list of prohibited computer network routers.  They deemed that the routers on the “Covered List” pose an unacceptable risk to the national security of the U.S. and its citizens.  These routers, primarily manufactured in untrusted foreign countries, are prohibited from being imported, sold, or used in the United States.

What to do: Check whether your router model appears on the FCC “Covered List” (https://www.fcc.gov/supplychain/coveredlist).

Keeping up with breach headlines and nonstop warnings about new attacks—up to and including ransomware—can feel overwhelming.

That’s why FCC notices about hostile actors taking control of network routers are worth your attention—even if no letter or postcard shows up and you’re not checking federal websites with your morning coffee. Staying current can be frustrating and time-consuming.

The concern is that compromised routers can intercept, redirect, or disrupt your traffic—exposing credentials and sensitive data.  This could lead to much further harm, such as taking control of your network, your systems, your email, and your data.  This could also lead to a ransomware event.

Often in this topic, it’s not the brand; it’s unpatched vulnerabilities that attackers exploit.  The FCC, for one, is constantly looking for those vulnerabilities being exploited.

The FCC’s Covered List, containing the list of makes and models prohibited, is intended to reduce risks for U.S. businesses and households.

Many common router models (or their components) are manufactured overseas. Vendors can seek removal from the Covered List through the FCC’s conditional approval process, so it is important to look specifically at the router models on the Covered List, not just the manufacturer name.

If it’s listed, replace it, and recheck the list quarterly for updates to the covered list.  Also be sure to have your tech services provider keep the router up to date with its firmware, hopefully automatically.

This applies to work-from-home routers too, whether employee-owned or provided by their ISP.

A2C is your trusted partner and subject matter expert on information security and compliance.  We will continue sharing short updates on urgent risks you may have missed. Contact us if you’d like help reviewing your router inventory or choosing replacements.

Related reading (optional):

Internet Crime Complaint Center (IC3) | Russian GRU Exploiting Vulnerable Routers to Steal Sensitive Information

Tony Haux

CTO/CISO, Accelerate2Compliance