A vulnerability analysis method for IoT device firmware based on guided fuzzing
Author:
Affiliation:

Author biography:

Corresponding author:

Pan Zulie, male, born 1976, PhD, professor; research interest: cyberspace security. E-mail: panzulie17@nudt.edu.cn

CLC number:

TP311

Fund project:

National Key Research and Development Program of China (2017YFB0802900)


Vulnerability analysis method for Internet of Things device firmware based on guided fuzzing

    Abstract (translated from Chinese):

    To improve the accuracy of vulnerability analysis for Internet of Things (IoT) devices, and building on an in-depth analysis of more than 50 firmware vulnerabilities in MIPS-architecture IoT devices, this paper proposes a firmware vulnerability analysis method for IoT devices that combines static and dynamic analysis and is based on guided fuzzing. The method obtains information on all functions in the firmware program and locates dangerous code regions according to the function call graph relating data-introducing functions to vulnerability-triggering functions. Based on the detailed control flow graph of the dangerous code region, it computes the distance from each basic block on an execution path to the vulnerability-triggering function and dynamically adjusts seed energy, achieving fuzzing guided toward the vulnerability-triggering function. A firmware vulnerability analysis system for MIPS-architecture IoT devices, DirFirmFuzz, was designed and implemented. Experimental results show that, compared with existing tools, the false positive rate of the system's vulnerability analysis is reduced by 73.31% on average, and the average speed of reaching the vulnerability-triggering function is 1.1 to 7 times faster. In addition, during testing in real environments, 12 0-day vulnerabilities in products of multiple vendors including D-Link and Cisco were discovered, all of which have been reported to the relevant vendors for patching.

    Abstract:

    To increase the accuracy of vulnerability analysis of Internet of Things (IoT) device firmware, an in-depth analysis of more than 50 IoT device firmware vulnerabilities of the MIPS architecture was performed, and a firmware vulnerability analysis method combining dynamic and static analysis based on guided fuzzing was proposed. All the function information in the firmware program was obtained, and the dangerous code area was located according to the function call graph of data-introducing functions and dangerous functions. The detailed control flow graph of the dangerous code area was used to calculate the distance from each basic block to the vulnerability trigger function, and the seed energy was dynamically adjusted to achieve fuzzing guided toward the vulnerability trigger function. DirFirmFuzz, a firmware vulnerability analysis system for IoT devices based on the MIPS architecture, was designed and implemented. The experimental results showed that, compared with the existing methods, the false alarm rate of system vulnerability analysis could be reduced by 73.31% on average, and the average speed of DirFirmFuzz in reaching the vulnerability trigger function was 1.1~7 times faster than that of the existing tools. At the same time, during real-world testing, 12 0-day vulnerabilities from multiple vendors such as D-Link and Cisco were discovered, and all of them have been reported to the relevant vendors for patching.
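The two steps the abstract describes, region location and distance-driven seed energy, as an added example written here and not the paper's own DirFirmFuzz code. It uses a constructed block-level graph in which the assumed names `recv.0` and `strcpy.0` stand for the data-introducing and vulnerability-triggering functions, locates the dangerous region between them, computes each block's distance to the trigger by reverse breadth-first search, and assigns seed energy with an assumed schedule (the page does not give the paper's formula) that favours seeds whose executed path averages closer to the trigger.

```python
from collections import deque

# Constructed toy inter-procedural graph (not from the paper). Nodes are basic
# blocks "function.block"; edges are CFG successors plus call edges into callees.
# recv.0 plays the data-introducing function, strcpy.0 the trigger (names assumed).
EDGES = {
    "main.0": ["main.1"],
    "main.1": ["recv.0", "main.2"],    # call site of the data-introducing function
    "main.2": ["parse.0", "main.3"],
    "main.3": [],
    "recv.0": [],
    "parse.0": ["parse.1", "parse.2"],
    "parse.1": ["strcpy.0"],           # call site of the vulnerability-triggering function
    "parse.2": ["log.0"],
    "log.0": [],
    "strcpy.0": [],
}

def bfs(adj, start):
    """Hop distance from start to every node reachable over adjacency map adj."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, []):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def distances_to_trigger(edges, trigger):
    """Distance of each block to the trigger: BFS over the reversed graph."""
    rev = {}
    for src, dsts in edges.items():
        for dst in dsts:
            rev.setdefault(dst, []).append(src)
    return bfs(rev, trigger)

def dangerous_region(edges, source, trigger):
    """Blocks reachable from the data-introducing call site that can also reach the trigger."""
    return set(bfs(edges, source)) & set(distances_to_trigger(edges, trigger))

def seed_energy(path, dist, base=10):
    """Assumed power schedule: a seed whose executed path averages closer to the
    trigger gets up to 2x base energy; a path with no known-distance block gets base."""
    known = [dist[b] for b in path if b in dist]
    if not known:
        return float(base)
    dmax = max(dist.values())
    return round(base * (1 + (dmax - sum(known) / len(known)) / dmax), 2)
```

Blocks such as `log.0` and `recv.0` get no distance at all, so a seed whose path only visits them receives the base energy and is not scheduled ahead of seeds that make progress toward the trigger.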

History
  • Received: 2022-05-09
  • Revised: 2022-06-04
  • Published online: 2023-05-04