(Republicaninformer.com)- According to the National Pulse, the Department of Defense is still purchasing TP-Link internet routers, despite the product’s many security vulnerabilities.
Last fall, Cyfirma researchers found that thousands of routers made by the Chinese-based TP-Link are vulnerable to exploitation by cybercriminals and “multiple threat actor groups” from Russia, China, and Iran by exploiting the routers’ Remote Code Execution vulnerability.
According to Cyfirma, researchers found the leaked credentials for TP-Link products listed for sale in Russian forums on the dark web. These credentials can be used by cybercriminals to gain access to TP-Link devices to target an organization’s network.
By reviewing online stores of military exchanges, the National Pulse found multiple TP-Link devices offered for sale to US service members.
According to its review, the Army & Air Force Exchange Service’s online store lists 28 devices made by TP-Link while the Navy Exchange’s website lists 13. The National Pulse found no TP-Link devices at the online stores for the Marine Corps or Coast Guard Exchanges.
Additionally, the National Pulse reviewed the USASpending.gov website and found that the Defense Department purchased TP-Link equipment for “operational purposes.”
In 2021, the DoD awarded a $174,195 contract to FCI Tech in which “TP-Link” was the transaction description. The DoD also awarded a $6,287 contract to FCN, Inc. in 2021 for an order of four TP-Link wireless routers.
The National File found another 2021 contract with FCN for four particular TP-Link routers that the National Institute of Standards and Technology’s Vulnerability Database warned can permit “unauthenticated attackers to execute arbitrary code.”
Between 2021 and 2022, the National Pulse found four additional contracts for the purchase of TP-Link equipment from the Defense Logistics Agency.
TP-Link Technologies Co., Ltd., based in Shenzhen and Hong Kong, is a global manufacturer of computer networking products.