Our Security Commitment

At TP-Link, security is not just a checkbox—it's a core pillar of our product strategy and corporate ethos. Over many years, we have developed and refined a comprehensive security framework designed to anticipate, identify, and address risks swiftly and transparently.

Robust Security Practices and Independent Verification

We employ rigorous internal and external security testing on all of our devices—from consumer routers to smart home products. Our internal penetration testing team, composed of experienced professionals, skilled in IoT and embedded systems security, conducts continuous threat modeling and real-world simulation attacks. These assessments follow industry-recognized frameworks such as the OWASP IoT Top 10. Additionally, we work with accredited third-party security labs to scrutinize our products and help us identify, prioritize, and promptly address potential vulnerabilities before they affect our customers.

Data-Driven Evidence of Our Security Posture

We fully acknowledge that vulnerabilities exist across the industry. However, contrary to claims of widespread vulnerabilities, comparative data places TP-Link on par with, or in some cases ahead of, other major industry players in terms of security outcomes. For example, public vulnerability data (sourced from recognized security repositories like CVE Details and VulDB) shows that TP-Link’s rate of vulnerabilities per product is significantly lower than those of other leading manufacturers. While vulnerability severity is important, we consistently address issues promptly. Those same sources show our average CVSS score—an industry-standard metric for vulnerability severity—is in line with other leading router and IoT manufacturers.

Commitment to Secure by Design and Transparency

We recognize that no single company can fully secure the IoT ecosystem on its own. That’s why we strongly support government-led security initiatives and the development of industry standards. Our participation in the “Secure by Design” pledge sponsored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), our active support of the EU’s proposed Cyber Resilience Act (CRA), and our endorsement of the U.S. Cyber Trust Mark all reflect our belief that collective industry advancement—driven by transparent standards and regulations—will raise the security baseline for everyone. We are continually working toward greater supply chain transparency, including distribution of Software Bills of Materials (SBOMs), to provide clearer insight into our device components. In the meantime, we offer prompt firmware updates and publish detailed security advisories, ensuring that we can rapidly deliver patches and enhancements to keep users safe. We also maintain clear end-of-life policies, ensuring devices continue to receive critical updates wherever possible.

Engagement with the Security Community

We are active participants in global security initiatives and have a proactive vulnerability disclosure program. Independent researchers and the security community can report potential issues to us at security@tp-link.com, and we strive to acknowledge these reports within five working days. Our continuous engagement in events like the Zero Day Initiative’s PWN2OWN competition demonstrates our openness to being tested by the world’s best security minds and our willingness to rapidly address and remediate discovered issues.

Continuous Improvement and Accountability

We back up our words with actions. Our continuous integration/continuous delivery (CI/CD) pipeline allows us to catch issues earlier, and findings from ongoing penetration testing directly inform our product roadmaps. We measure success by the speed at which we respond to vulnerabilities, how effectively we reduce their overall volume, and the trust feedback we receive from customers.

In short, TP-Link strives to be a leader in IoT and networking security, while acknowledging that security is never final and always evolving. By working with industry experts, embracing government guidance and standards, and maintaining an unwavering focus on improvement, we ensure that our customers can trust our devices, today and in the future.