TP-link has earned a reputation as a producer of insecure routers. They seem to push things out as soon as the code is functional without any security testing. Yeah, they're absolutely a security risk.
But there's some additional context required here. Pretty much all the other Small Office/Home Office (SOHO) routers do the exact same thing. People want cheap devices and there's no independent security testing reports that consumers can use to tell which ones are actually more secure. So they choose based on price and thus the companies focus on price instead of security.
Second, there's reason to question the threat to national security. These routers aren't secure, but they are also not used in big companies for anything important (if in use at all). Companies are well aware that home offices are not necessarially secure and they keep the data on their server where they have proper protections in place. Attackers getting into home networks is kinda expected and planned for.
Small businesses are at risk, as they generally don't have any cybersecurity. But again, this is not unique to TP-Link nor is a mom & pop shop getting hacked a matter of national security.
@Dr. Hax pretty much the angle I'm looking at it from, wondering (as usual) if I missed something
Interesting read. Given your knowledge, what do you run at home?
I'm running mikrotik with TP link APs but I'm second guessing the APs between this and some recent reliability issues.
I currently have an enterprise grade router and am going to replace it with OPNsense.
For my wifi access points, it's OpenWRT, but they don't do any routing, DHCP or anything interesting. It really just converts between ethernet and wifi.
I've heard microtik is pretty decent in terms of security, but I haven't used it nor done any analysis on it personally.
Interesting. I got all excited for a minute for a free fix but 2 of my 3 AP are not supported. The 3rd that is supported appears to have died.
Do you know off the top of your head if openwrt supports vlan isolated networks? Eg vlan1 me, vlan2 guests with separate SSIDs.