Grade F · High Risk

Is MikroTik Safe?

MikroTik is a Latvian company whose hardware is manufactured in China. It receives an F grade due to China manufacturing and its critical CVE history.

Last reviewed: March 2026 · ismyroutersafe.com

Ownership & FCC Status
Owner: Mikrotikls SIA (Latvia, privately held)
FCC Status: FCC authorized
Ban Status: Not in scope of ban
Manufacturing: China
Models in DB: 2 analyzed
Grade Range: F

Security Verdict

MikroTik (Mikrotikls SIA) is a privately held Latvian company headquartered in Riga. It has no Chinese ownership and is not subject to China's National Intelligence Law as a corporate entity. However, MikroTik hardware - including the hAP ax² and hAP ax³ - is assembled in China, introducing hardware supply chain risk. MikroTik routers are well regarded in the networking community for their RouterOS operating system and advanced feature set, but they have accumulated a significant CVE history, including critical remote code execution vulnerabilities. MikroTik devices have been targeted by major botnets including Meris, which used compromised MikroTik routers to conduct record-breaking DDoS attacks. The brand requires technical expertise to configure securely.

Bottom line: Latvian company with no ban risk. Requires skilled configuration. The CVE and Meris botnet history means unpatched or misconfigured MikroTik devices are high-value targets.

Corporate Ownership Structure

Mikrotikls SIA is a privately held Latvian company incorporated in Riga, Latvia in 1996 by Arnis Riekstins and John Tully. The company has not disclosed its full ownership structure publicly. Mikrotikls is headquartered in Riga and operates under European Union jurisdiction. MikroTik hardware, including the hAP ax series, is assembled in China. As a Latvian company, Mikrotikls is not subject to China's National Intelligence Law - but China-based assembly introduces hardware supply chain considerations. MikroTik publishes its RouterOS source code for inspection under a proprietary license.

MikroTik Models - Security Grades

All MikroTik models in our database.

Model | Grade | FCC Status | Security Support | Made In
hAP ax² | F | FCC authorized - foreign manufacture rule applies | Active | China
hAP ax³ | F | FCC authorized - foreign manufacture rule applies | Active | China

Key Risk Factors

Meris botnet - MikroTik as primary vector
The Meris botnet, responsible for record-breaking DDoS attacks in 2021, ran primarily on compromised MikroTik routers. Unpatched or default-configured devices are actively targeted.
China manufacturing - hardware supply chain risk
MikroTik hardware is assembled in China. While the company is Latvian (no PRC law obligation), China-based manufacturing introduces supply chain considerations.
Requires technical expertise to secure
RouterOS is powerful but complex. Default configurations are not maximally secure. Improperly configured MikroTik devices represent a significant attack surface.
Latvian company - no ban risk or PRC law exposure
Mikrotikls SIA is a Latvian company. It has no Chinese government ownership and is not subject to any FCC ban or China's National Intelligence Law.

Frequently Asked Questions

MikroTik is a Latvian company with no Chinese ownership or ban risk. However, it has a significant CVE history, and compromised MikroTik devices formed the backbone of the Meris botnet, which carried out record-breaking DDoS attacks in 2021. MikroTik is powerful in skilled hands but risky when left on default or unpatched settings. Keep RouterOS updated and disable any unused services.

Yes. MikroTik hardware including the hAP ax series is assembled in China. MikroTik is a Latvian company (Mikrotikls SIA, Riga) and is not subject to China's National Intelligence Law - but China-based assembly does introduce supply chain considerations.

No. MikroTik is not on the FCC Covered List and is not subject to any US ban. It is a Latvian company with no Chinese government ownership. The risks with MikroTik are primarily CVE history and the need for skilled configuration, not national security ownership concerns.

The Meris botnet (2021) was a massive DDoS network built primarily from compromised MikroTik routers that had not been patched or had weak credentials. It launched record-breaking attacks against Yandex and Cloudflare. Tens of thousands of MikroTik routers were involved. The vulnerability exploited was CVE-2018-14847, a years-old issue that many users had not patched.

Both are prosumer brands manufactured in China but owned by non-Chinese companies. Ubiquiti (US, NYSE-listed) has the edge for home and small office use due to its more polished security features and the UniFi ecosystem. MikroTik is powerful for advanced users but has a higher CVE count, and its Meris botnet association makes default or unpatched devices higher risk.
