Meridian Integrated Personal Call Director Password Disclosure

OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CWE-200 WASC-13 WSTG-ATHN-03

Meridian Integrated Personal Call Director (MIPCD) is used by users to redirect calls from any person to any mobile phone or landline. MIPCD continues to forward calls tell anyone picks up or all the options are exhausted. The MIPCD can be used to set rules for call forwarding for mobile phones and FAX machines. The Meridian Integrated Personal Call Director contained a bug due to which, an attacker can expose MIPCD to gain unauthorised password exposure. The attacker can gain remote access to the login, password and user config files through the web interface. These files contain the usernames and passwords of all the MIPCD users and might also include credentials of the administrator account. This vulnerability poses a huge risk to the security of the web application.


The impact include:-

  • Access to unauthorised content
  • Loss of sensitive data.
  • Possible data manipulation.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Upgrade MIPCD to the latest version ( 1.5 or higher).

Latest Articles