That little blinking box in the corner of your living room — the one you haven’t thought about since you plugged it in — might be working for someone else right now. Not your family streaming Netflix. Not your kid doing homework. Hackers. Actual, state-sponsored hackers running their operations through your home network while you binge “The Bear.”
The FBI has now issued multiple warnings — in May 2025 and again in March 2026 — specifically naming router models that are being hijacked en masse. This isn’t hypothetical. This is happening right now, in American homes, and most people have zero idea.
Here’s what you need to know, what to look for, and what to actually do about it — today, not next month.
Why Your Old Router Is Basically an Open Door
Routers aren’t like toasters. They don’t just keep working until the heating element dies. A router is a computer — a small, simple computer — and like any computer, it needs software updates to stay secure. When a manufacturer stops sending those updates, every new weakness that gets discovered stays wide open. Forever.
The industry calls this “end of life,” and it’s exactly what it sounds like. Your router might still power on and push Wi-Fi to your phone, but under the hood, it’s a sitting duck. Cybersecurity experts say that once a router hits end-of-life status, it becomes a permanent liability because every vulnerability found after that point goes unpatched.
And the hackers know this. They specifically scan for these old models. It’s like leaving your front door open with a sign that says “nobody’s home.”
The Specific Models the FBI Flagged
The FBI’s original warning zeroed in on older Linksys routers that were sold under the Cisco brand. These are all models from roughly 2010 or earlier, and none of them receive security patches anymore. Here’s the list:
E1200, E2500, E1000, E4200, E1500, E3200, WRT320N, E1550, WRT610N, M10, and WRT310N.
If any of those model numbers are printed on the bottom of your router, stop reading and go order a new one. Seriously. You can check the model number on a sticker on the bottom or back of the device.
But here’s the thing people miss — the problem isn’t limited to this list. The FBI issued a second warning in March 2026 naming 18 additional models caught up in malware operations. This is an ongoing, growing problem, not a one-time event. If your router is from any brand and it’s more than five or six years old, you should be suspicious.
The Malware That Doesn’t Even Need Your Password
The main malware strain being used is called TheMoon, and it’s been floating around since 2014. What makes it nasty is that it doesn’t need your Wi-Fi password to get in. It scans for open ports on your router, sends a command, and waits for instructions from a hacker’s server. That’s it. You don’t have to click anything. You don’t have to download anything. Your router just quietly becomes part of a criminal network.
Once TheMoon is on your router, hackers use your internet connection as a proxy — meaning they route their activity through your network to hide their real location. They could be committing financial fraud, accessing the dark web, or stealing credentials from other people, and all that traffic looks like it’s coming from your house. The FBI actually seized two proxy services — Anyproxy and 5Socks — that were running on thousands of these hijacked home routers.
TP-Link: The Biggest Name With the Biggest Questions
TP-Link is everywhere. If you bought a cheap router at Walmart or Best Buy in the last few years, there’s a good chance it’s a TP-Link. The company grew from about 10% of the U.S. retail router market in 2019 to roughly 60% by late 2024. They reportedly control close to 80% of the Wi-Fi 7 mesh system market. Those are staggering numbers.
The U.S. government launched a national security investigation into TP-Link involving the Departments of Justice, Commerce, and Defense. In October 2024, Microsoft tracked a network of compromised TP-Link routers being used by Chinese state-sponsored hacking groups to conduct password spray attacks against Microsoft accounts. Members of Congress flagged TP-Link devices showing up on U.S. military bases, which is… not great.
Then Russian hackers got involved too. Microsoft and the UK’s National Cyber Security Centre reported that the hacking group APT28 (Fancy Bear) targeted numerous TP-Link products, many of which were already end-of-life. Germany’s intelligence office confirmed thousands of TP-Link devices were attacked.
TP-Link’s defense? That most competitors also source components from China and that other brands like Cisco and Netgear have had vulnerabilities too. That’s true. But it doesn’t change the fact that TP-Link’s market dominance combined with its track record makes it the single biggest target out there.
A lot of ISPs also hand out TP-Link routers as the default equipment — sometimes rebranded so you can’t even tell. If your internet provider gave you a router and you never looked at the brand, it’s worth flipping it over to check.
The FCC Ban That Shook Up the Router Market
The FCC banned the future import of consumer-grade Wi-Fi routers manufactured overseas, citing national security concerns and specifically pointing to the Volt Typhoon, Flax Typhoon, and Salt Typhoon cyberattacks. Those attacks exploited home routers to access American networks and critical infrastructure.
Here’s the catch: almost no major router brand manufactures domestically. Not Netgear, not Asus, not Linksys. The ban targets new models that haven’t gone through the FCC’s authorization process yet. Routers already on store shelves and in your home aren’t affected. The brands most likely to get squeezed are smaller, foreign-based companies like Cudy, Reyee, and OKN — companies that may not be able to provide firmware updates beyond March 2027. Major brands are expected to get conditional approvals and keep operating, but the landscape for budget routers is shifting fast.
Warning Signs Your Router Might Already Be Compromised
According to the FBI’s advisory, there are a few red flags to watch for: the router runs unusually hot, your internet gets spotty for no clear reason, or you notice settings have changed without you touching them. The frustrating part is that many compromised routers show zero symptoms. They work perfectly fine on the surface while quietly routing criminal traffic in the background.
The biggest risk factor? Having remote administration turned on. That’s a setting that lets you manage your router from outside your home network — and it also lets hackers access the admin panel from anywhere on the internet. Most people never need this feature. If you’re not sure whether it’s on, log into your router’s admin page (usually 192.168.1.1 or 192.168.0.1 in your browser) and look for anything labeled “remote management” or “remote access.” Turn it off.
How Often You Actually Need to Replace Your Router
Cybersecurity experts disagree on exact timelines, but the consensus is tighter than most people expect. One IT security expert says routers should be replaced whenever the manufacturer stops issuing updates, which can be as short as three years. Another recommends replacing every two to four years as a general rule.
If you bought your router during Obama’s second term, you’re way overdue. If you bought it during Trump’s first term, you’re probably approaching the danger zone. A decent rule of thumb: check the manufacturer’s website for your model number. If they list it as “end of life” or “legacy,” it’s time.
What to Buy Instead (Without Overspending)
You don’t need to drop $400 on a Wi-Fi 7 mesh system, though they are nice if you have a big house. Wi-Fi 6 routers are still a major upgrade and you can grab solid options from Netgear, Asus, or Eero for $60 to $120 at Best Buy, Walmart, or Amazon. Netgear was the first major brand to publicly back the FCC’s push for tighter security standards, for whatever that’s worth to you.
If you want Wi-Fi 7, know that you’ll only see the full speed benefit on devices that also support Wi-Fi 7 — which right now is a small number of newer phones and laptops. For most people, a Wi-Fi 6 router in the $80-$100 range is the sweet spot.
Five Things to Do the Day You Set Up a New Router
First: change the default admin username and password immediately. This is the single most overlooked step and also the most obvious one. The default credentials for most routers are publicly available online — literally a Google search away.
Second: turn on automatic firmware updates. Most modern routers from major brands support this. It’s usually a toggle in the admin settings.
Third: disable remote management. Unless you have a specific, technical reason to leave it on, shut it off.
Fourth: set your Wi-Fi password to something strong — at least 16 characters, mixing letters, numbers, and symbols. Not your dog’s name. Not your address.
Fifth: set up a separate guest network for visitors and smart home devices like cameras, thermostats, and smart plugs. This keeps your main network isolated even if one of those devices gets compromised. It takes about two minutes in your router settings and it’s one of the smartest things you can do.
Your router is the front gate to every device in your house. If it’s old, unsupported, or running default settings, you’re making things way too easy for people who make a living exploiting exactly that. Flip yours over, check the model number, and if it’s on any of those lists — or if you genuinely can’t remember when you bought it — just replace it. A $90 router is a whole lot cheaper than dealing with the fallout of a compromised network.
