With the development of Internet of Things(IoT), more and more smart devices are connected into the Internet. The security and privacy issues of IoT devices have received increasingly academic and industrial attentions. Vulnerability detection is the key technology to protect IoT devices from zero-day attacks. However, traditional methods and tools of vulnerability detection cannot be directly used in analyzing IoT firmware. This paper firstly reviews related works on vulnerability detection in IoT firmware, previous researches are classified into four types i.e. static analysis, symbolic execution, fuzzing on emulators and comprehensive testing. Then, this paper points out that the specificity of vulnerability detection in IoT firmware is to detect logical flaws in embedded binaries which are built on the MIPS architecture. Finally, this paper proposes a method based on fuzzing and static analysis to detect authentication bypass flaws in IoT embedded binary servers. The proposed method is proved to be effective by verifying known CVEs as well as discovering unknown ones.