China deploys plausibly deniable backdoors into internationally shipped network devices. Bugs that are remotely exploitable if you know they exist, but not obvious enough that they provide justification for the devices to be banned from import. These consumer devices are not exploited for intelligence gathering, but rather deployed as proxies that fall into one of two common buckets: acting as SOCKS proxies to relay attacks, and allowing a remote operator to scan for nearby wireless networks and bridge into them.
The NDAA blacklist was a happy compromise by the US government of banning the most egregious vendors that might find their way into sensitive facilities (Huawei, Hikvision, etc) while letting consumer focused brands that do the same (TPLink, Jetstream, Wavlink, etc) slip by so it didn't appear at face value to be a blockade of all Chinese made networking gear.
Taiwan on the other hand is less concerned about how China perceives their relations and bans all these vendors. They also ban Zoom.
First, [citation needed] w.r.r tplink and other consumer grade routers 'getting off easy'
Second, you seem knowledgeable about concerns w.r.t some supply chain attacks, at least from foreign actors, so do you have an alternative suggestion that isn't impacted by such concerns?
Ubiquiti is a non starter imo given their recent posture
"We are unsure how the attackers managed to infect the router devices with their malicious implant. It is likely that they gained access to these devices by either scanning them for known vulnerabilities or targeting devices that used default or weak and easily guessable passwords for authentication"
This implies the opposite of "the CCP has a backdoor to every device". Vulnerable devices from all manufacturers get exploited like this all the time.
I use TP link access points with my own cloud controller (running in docker container on my LAN) and a separate wired router. I don’t think there’s any concern with access points “phoning home” in this configuration.
This is huge! Please link me to the evidence to back this up.