Grade F · High Risk

Is Mercusys Safe?

Mercusys is a wholly-owned TP-Link subsidiary based in Shenzhen, China. F grade. New models blocked from FCC authorization. Full analysis.

Last reviewed: March 2026 · ismyroutersafe.com

Ownership & FCC Status
Owner
TP-Link subsidiary (Chinese-owned)
FCC Status
New models blocked from FCC authorization
Ban Status
New models blocked
Manufacturing
China
Models in DB
1 analyzed
Grade Range
F

Security Verdict

Mercusys Communications Co., Ltd. is a wholly-owned subsidiary of TP-Link, headquartered in Shenzhen, China. It carries all the same risks as TP-Link itself: Chinese ownership, subject to China's National Intelligence Law, and new models blocked from FCC authorization in 2026. Mercusys is marketed as a budget alternative to TP-Link, but from a security perspective they are the same entity. If you have a Mercusys router, treat it the same way as TP-Link and replace it.

Bottom line: Same ownership risk as TP-Link. Replace.

Corporate Ownership Structure

Mercusys Communications Co., Ltd. is a wholly owned subsidiary of TP-Link Technologies Co., Ltd., operating as a separate brand for budget-tier markets. Mercusys shares manufacturing facilities, supply chain infrastructure, and engineering resources with TP-Link parent. The same active federal investigation, FCC authorization restrictions (new models blocked), and Chinese National Intelligence Law obligations that apply to TP-Link apply identically to Mercusys.

Mercusys Models - Security Grades

All Mercusys models in our database. Click a model for its full security report.

Model Grade FCC Status Security Support Made In
Halo H70X F Authorized - under review Active China

Key Risk Factors

TP-Link subsidiary - same risk profile
Mercusys is 100% owned by TP-Link. All Chinese state intelligence law exposure and FCC restrictions apply equally.
New models blocked from FCC authorization
As of 2026, new Mercusys models cannot receive FCC authorization.

Known CVEs - Mercusys Routers

The following vulnerabilities from the NIST National Vulnerability Database affect Mercusys router models. This is a representative sample; the full CVE list may be longer.

CVE-2022-33992 Critical (CVSS 9.8)
OS command injection in MR50G, MR70X, and MR30G routers via the traceroute diagnostic function. Allows remote unauthenticated attackers to execute arbitrary OS commands with root privilege.

Frequently Asked Questions

Mercusys is a budget router brand that is a wholly-owned subsidiary of TP-Link. It is headquartered in Shenzhen, China and carries the same ownership risks as TP-Link.

No. Mercusys is a Chinese-owned TP-Link subsidiary. It has the same national security concerns as TP-Link and new models are blocked from FCC authorization. Replace with a non-Chinese brand.

CHECK YOUR SPECIFIC MODEL

Get your router's full security report

Check any specific model for CVEs, FCC status, security capabilities, and your personalized action plan.

Check a Router → Top 10 Safe Routers
Related Security Pages
Related Brands
Is TP-Link Safe? Is Huawei Router Safe? Is Tenda Router Safe?
Related Guides
FCC Ban on Foreign Routers Explained Volt Typhoon: Chinese State Hackers China's National Intelligence Law Router Replacement Guide
A free public tool made with 🦾 by Rio